github.com/argoproj/argo-cd/v3@v3.2.1/manifests/namespace-install.yaml (about) 1 # This is an auto-generated file. DO NOT EDIT 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 labels: 6 app.kubernetes.io/component: application-controller 7 app.kubernetes.io/name: argocd-application-controller 8 app.kubernetes.io/part-of: argocd 9 name: argocd-application-controller 10 --- 11 apiVersion: v1 12 kind: ServiceAccount 13 metadata: 14 labels: 15 app.kubernetes.io/component: applicationset-controller 16 app.kubernetes.io/name: argocd-applicationset-controller 17 app.kubernetes.io/part-of: argocd 18 name: argocd-applicationset-controller 19 --- 20 apiVersion: v1 21 kind: ServiceAccount 22 metadata: 23 labels: 24 app.kubernetes.io/component: dex-server 25 app.kubernetes.io/name: argocd-dex-server 26 app.kubernetes.io/part-of: argocd 27 name: argocd-dex-server 28 --- 29 apiVersion: v1 30 kind: ServiceAccount 31 metadata: 32 labels: 33 app.kubernetes.io/component: notifications-controller 34 app.kubernetes.io/name: argocd-notifications-controller 35 app.kubernetes.io/part-of: argocd 36 name: argocd-notifications-controller 37 --- 38 apiVersion: v1 39 kind: ServiceAccount 40 metadata: 41 labels: 42 app.kubernetes.io/component: redis 43 app.kubernetes.io/name: argocd-redis 44 app.kubernetes.io/part-of: argocd 45 name: argocd-redis 46 --- 47 apiVersion: v1 48 kind: ServiceAccount 49 metadata: 50 labels: 51 app.kubernetes.io/component: repo-server 52 app.kubernetes.io/name: argocd-repo-server 53 app.kubernetes.io/part-of: argocd 54 name: argocd-repo-server 55 --- 56 apiVersion: v1 57 kind: ServiceAccount 58 metadata: 59 labels: 60 app.kubernetes.io/component: server 61 app.kubernetes.io/name: argocd-server 62 app.kubernetes.io/part-of: argocd 63 name: argocd-server 64 --- 65 apiVersion: rbac.authorization.k8s.io/v1 66 kind: Role 67 metadata: 68 labels: 69 app.kubernetes.io/component: application-controller 70 app.kubernetes.io/name: argocd-application-controller 71 app.kubernetes.io/part-of: argocd 72 name: argocd-application-controller 73 rules: 74 - apiGroups: 75 - "" 76 resources: 77 - secrets 78 - configmaps 79 verbs: 80 - get 81 - list 82 - watch 83 - apiGroups: 84 - argoproj.io 85 resources: 86 - applications 87 - applicationsets 88 - appprojects 89 verbs: 90 - create 91 - get 92 - list 93 - watch 94 - update 95 - patch 96 - delete 97 - apiGroups: 98 - "" 99 resources: 100 - events 101 verbs: 102 - create 103 - list 104 - apiGroups: 105 - apps 106 resources: 107 - deployments 108 verbs: 109 - get 110 - list 111 - watch 112 --- 113 apiVersion: rbac.authorization.k8s.io/v1 114 kind: Role 115 metadata: 116 labels: 117 app.kubernetes.io/component: applicationset-controller 118 app.kubernetes.io/name: argocd-applicationset-controller 119 app.kubernetes.io/part-of: argocd 120 name: argocd-applicationset-controller 121 rules: 122 - apiGroups: 123 - argoproj.io 124 resources: 125 - applications 126 - applicationsets 127 - applicationsets/finalizers 128 verbs: 129 - create 130 - delete 131 - get 132 - list 133 - patch 134 - update 135 - watch 136 - apiGroups: 137 - argoproj.io 138 resources: 139 - appprojects 140 verbs: 141 - get 142 - list 143 - watch 144 - apiGroups: 145 - argoproj.io 146 resources: 147 - applicationsets/status 148 verbs: 149 - get 150 - patch 151 - update 152 - apiGroups: 153 - "" 154 resources: 155 - events 156 verbs: 157 - create 158 - get 159 - list 160 - patch 161 - watch 162 - apiGroups: 163 - "" 164 resources: 165 - secrets 166 - configmaps 167 verbs: 168 - get 169 - list 170 - watch 171 - apiGroups: 172 - coordination.k8s.io 173 resources: 174 - leases 175 verbs: 176 - create 177 - apiGroups: 178 - coordination.k8s.io 179 resourceNames: 180 - 58ac56fa.applicationsets.argoproj.io 181 resources: 182 - leases 183 verbs: 184 - get 185 - update 186 - create 187 --- 188 apiVersion: rbac.authorization.k8s.io/v1 189 kind: Role 190 metadata: 191 labels: 192 app.kubernetes.io/component: dex-server 193 app.kubernetes.io/name: argocd-dex-server 194 app.kubernetes.io/part-of: argocd 195 name: argocd-dex-server 196 rules: 197 - apiGroups: 198 - "" 199 resources: 200 - secrets 201 - configmaps 202 verbs: 203 - get 204 - list 205 - watch 206 --- 207 apiVersion: rbac.authorization.k8s.io/v1 208 kind: Role 209 metadata: 210 labels: 211 app.kubernetes.io/component: notifications-controller 212 app.kubernetes.io/name: argocd-notifications-controller 213 app.kubernetes.io/part-of: argocd 214 name: argocd-notifications-controller 215 rules: 216 - apiGroups: 217 - argoproj.io 218 resources: 219 - applications 220 - appprojects 221 verbs: 222 - get 223 - list 224 - watch 225 - update 226 - patch 227 - apiGroups: 228 - "" 229 resources: 230 - configmaps 231 - secrets 232 verbs: 233 - list 234 - watch 235 - apiGroups: 236 - "" 237 resourceNames: 238 - argocd-notifications-cm 239 resources: 240 - configmaps 241 verbs: 242 - get 243 - apiGroups: 244 - "" 245 resourceNames: 246 - argocd-notifications-secret 247 resources: 248 - secrets 249 verbs: 250 - get 251 --- 252 apiVersion: rbac.authorization.k8s.io/v1 253 kind: Role 254 metadata: 255 labels: 256 app.kubernetes.io/component: redis 257 app.kubernetes.io/name: argocd-redis 258 app.kubernetes.io/part-of: argocd 259 name: argocd-redis 260 rules: 261 - apiGroups: 262 - "" 263 resourceNames: 264 - argocd-redis 265 resources: 266 - secrets 267 verbs: 268 - get 269 - apiGroups: 270 - "" 271 resources: 272 - secrets 273 verbs: 274 - create 275 --- 276 apiVersion: rbac.authorization.k8s.io/v1 277 kind: Role 278 metadata: 279 labels: 280 app.kubernetes.io/component: server 281 app.kubernetes.io/name: argocd-server 282 app.kubernetes.io/part-of: argocd 283 name: argocd-server 284 rules: 285 - apiGroups: 286 - "" 287 resources: 288 - secrets 289 - configmaps 290 verbs: 291 - create 292 - get 293 - list 294 - watch 295 - update 296 - patch 297 - delete 298 - apiGroups: 299 - argoproj.io 300 resources: 301 - applications 302 - appprojects 303 - applicationsets 304 verbs: 305 - create 306 - get 307 - list 308 - watch 309 - update 310 - delete 311 - patch 312 - apiGroups: 313 - "" 314 resources: 315 - events 316 verbs: 317 - create 318 - list 319 --- 320 apiVersion: rbac.authorization.k8s.io/v1 321 kind: RoleBinding 322 metadata: 323 labels: 324 app.kubernetes.io/component: application-controller 325 app.kubernetes.io/name: argocd-application-controller 326 app.kubernetes.io/part-of: argocd 327 name: argocd-application-controller 328 roleRef: 329 apiGroup: rbac.authorization.k8s.io 330 kind: Role 331 name: argocd-application-controller 332 subjects: 333 - kind: ServiceAccount 334 name: argocd-application-controller 335 --- 336 apiVersion: rbac.authorization.k8s.io/v1 337 kind: RoleBinding 338 metadata: 339 labels: 340 app.kubernetes.io/component: applicationset-controller 341 app.kubernetes.io/name: argocd-applicationset-controller 342 app.kubernetes.io/part-of: argocd 343 name: argocd-applicationset-controller 344 roleRef: 345 apiGroup: rbac.authorization.k8s.io 346 kind: Role 347 name: argocd-applicationset-controller 348 subjects: 349 - kind: ServiceAccount 350 name: argocd-applicationset-controller 351 --- 352 apiVersion: rbac.authorization.k8s.io/v1 353 kind: RoleBinding 354 metadata: 355 labels: 356 app.kubernetes.io/component: dex-server 357 app.kubernetes.io/name: argocd-dex-server 358 app.kubernetes.io/part-of: argocd 359 name: argocd-dex-server 360 roleRef: 361 apiGroup: rbac.authorization.k8s.io 362 kind: Role 363 name: argocd-dex-server 364 subjects: 365 - kind: ServiceAccount 366 name: argocd-dex-server 367 --- 368 apiVersion: rbac.authorization.k8s.io/v1 369 kind: RoleBinding 370 metadata: 371 labels: 372 app.kubernetes.io/component: notifications-controller 373 app.kubernetes.io/name: argocd-notifications-controller 374 app.kubernetes.io/part-of: argocd 375 name: argocd-notifications-controller 376 roleRef: 377 apiGroup: rbac.authorization.k8s.io 378 kind: Role 379 name: argocd-notifications-controller 380 subjects: 381 - kind: ServiceAccount 382 name: argocd-notifications-controller 383 --- 384 apiVersion: rbac.authorization.k8s.io/v1 385 kind: RoleBinding 386 metadata: 387 labels: 388 app.kubernetes.io/component: redis 389 app.kubernetes.io/name: argocd-redis 390 app.kubernetes.io/part-of: argocd 391 name: argocd-redis 392 roleRef: 393 apiGroup: rbac.authorization.k8s.io 394 kind: Role 395 name: argocd-redis 396 subjects: 397 - kind: ServiceAccount 398 name: argocd-redis 399 --- 400 apiVersion: rbac.authorization.k8s.io/v1 401 kind: RoleBinding 402 metadata: 403 labels: 404 app.kubernetes.io/component: server 405 app.kubernetes.io/name: argocd-server 406 app.kubernetes.io/part-of: argocd 407 name: argocd-server 408 roleRef: 409 apiGroup: rbac.authorization.k8s.io 410 kind: Role 411 name: argocd-server 412 subjects: 413 - kind: ServiceAccount 414 name: argocd-server 415 --- 416 apiVersion: v1 417 data: 418 resource.customizations.ignoreResourceUpdates.ConfigMap: | 419 jqPathExpressions: 420 # Ignore the cluster-autoscaler status 421 - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"' 422 # Ignore the annotation of the legacy Leases election 423 - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"' 424 resource.customizations.ignoreResourceUpdates.Endpoints: | 425 jsonPointers: 426 - /metadata 427 - /subsets 428 resource.customizations.ignoreResourceUpdates.all: | 429 jsonPointers: 430 - /status 431 resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | 432 jqPathExpressions: 433 - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"' 434 - '.metadata.annotations."deployment.kubernetes.io/max-replicas"' 435 - '.metadata.annotations."rollout.argoproj.io/desired-replicas"' 436 resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | 437 jqPathExpressions: 438 - '.metadata.annotations."notified.notifications.argoproj.io"' 439 - '.metadata.annotations."argocd.argoproj.io/refresh"' 440 - '.metadata.annotations."argocd.argoproj.io/hydrate"' 441 - '.operation' 442 resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | 443 jqPathExpressions: 444 - '.metadata.annotations."notified.notifications.argoproj.io"' 445 resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | 446 jqPathExpressions: 447 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' 448 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' 449 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' 450 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' 451 resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | 452 jsonPointers: 453 - /metadata 454 - /endpoints 455 - /ports 456 resource.exclusions: | 457 ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter 458 - apiGroups: 459 - '' 460 - discovery.k8s.io 461 kinds: 462 - Endpoints 463 - EndpointSlice 464 ### Internal Kubernetes resources excluded reduce the number of watched events 465 - apiGroups: 466 - coordination.k8s.io 467 kinds: 468 - Lease 469 ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events 470 - apiGroups: 471 - authentication.k8s.io 472 - authorization.k8s.io 473 kinds: 474 - SelfSubjectReview 475 - TokenReview 476 - LocalSubjectAccessReview 477 - SelfSubjectAccessReview 478 - SelfSubjectRulesReview 479 - SubjectAccessReview 480 ### Intermediate Certificate Request excluded reduce the number of watched events 481 - apiGroups: 482 - certificates.k8s.io 483 kinds: 484 - CertificateSigningRequest 485 - apiGroups: 486 - cert-manager.io 487 kinds: 488 - CertificateRequest 489 ### Cilium internal resources excluded reduce the number of watched events and UI Clutter 490 - apiGroups: 491 - cilium.io 492 kinds: 493 - CiliumIdentity 494 - CiliumEndpoint 495 - CiliumEndpointSlice 496 ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance 497 - apiGroups: 498 - kyverno.io 499 - reports.kyverno.io 500 - wgpolicyk8s.io 501 kinds: 502 - PolicyReport 503 - ClusterPolicyReport 504 - EphemeralReport 505 - ClusterEphemeralReport 506 - AdmissionReport 507 - ClusterAdmissionReport 508 - BackgroundScanReport 509 - ClusterBackgroundScanReport 510 - UpdateRequest 511 kind: ConfigMap 512 metadata: 513 labels: 514 app.kubernetes.io/name: argocd-cm 515 app.kubernetes.io/part-of: argocd 516 name: argocd-cm 517 --- 518 apiVersion: v1 519 kind: ConfigMap 520 metadata: 521 labels: 522 app.kubernetes.io/name: argocd-cmd-params-cm 523 app.kubernetes.io/part-of: argocd 524 name: argocd-cmd-params-cm 525 --- 526 apiVersion: v1 527 kind: ConfigMap 528 metadata: 529 labels: 530 app.kubernetes.io/name: argocd-gpg-keys-cm 531 app.kubernetes.io/part-of: argocd 532 name: argocd-gpg-keys-cm 533 --- 534 apiVersion: v1 535 kind: ConfigMap 536 metadata: 537 labels: 538 app.kubernetes.io/component: notifications-controller 539 app.kubernetes.io/name: argocd-notifications-controller 540 app.kubernetes.io/part-of: argocd 541 name: argocd-notifications-cm 542 --- 543 apiVersion: v1 544 kind: ConfigMap 545 metadata: 546 labels: 547 app.kubernetes.io/name: argocd-rbac-cm 548 app.kubernetes.io/part-of: argocd 549 name: argocd-rbac-cm 550 --- 551 apiVersion: v1 552 data: 553 ssh_known_hosts: | 554 # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT 555 [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= 556 [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl 557 [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= 558 bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= 559 bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO 560 bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= 561 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= 562 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl 563 github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= 564 gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= 565 gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf 566 gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 567 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H 568 vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H 569 kind: ConfigMap 570 metadata: 571 labels: 572 app.kubernetes.io/name: argocd-ssh-known-hosts-cm 573 app.kubernetes.io/part-of: argocd 574 name: argocd-ssh-known-hosts-cm 575 --- 576 apiVersion: v1 577 kind: ConfigMap 578 metadata: 579 labels: 580 app.kubernetes.io/name: argocd-tls-certs-cm 581 app.kubernetes.io/part-of: argocd 582 name: argocd-tls-certs-cm 583 --- 584 apiVersion: v1 585 kind: Secret 586 metadata: 587 labels: 588 app.kubernetes.io/component: notifications-controller 589 app.kubernetes.io/name: argocd-notifications-controller 590 app.kubernetes.io/part-of: argocd 591 name: argocd-notifications-secret 592 type: Opaque 593 --- 594 apiVersion: v1 595 kind: Secret 596 metadata: 597 labels: 598 app.kubernetes.io/name: argocd-secret 599 app.kubernetes.io/part-of: argocd 600 name: argocd-secret 601 type: Opaque 602 --- 603 apiVersion: v1 604 kind: Service 605 metadata: 606 labels: 607 app.kubernetes.io/component: applicationset-controller 608 app.kubernetes.io/name: argocd-applicationset-controller 609 app.kubernetes.io/part-of: argocd 610 name: argocd-applicationset-controller 611 spec: 612 ports: 613 - name: webhook 614 port: 7000 615 protocol: TCP 616 targetPort: webhook 617 - name: metrics 618 port: 8080 619 protocol: TCP 620 targetPort: metrics 621 selector: 622 app.kubernetes.io/name: argocd-applicationset-controller 623 --- 624 apiVersion: v1 625 kind: Service 626 metadata: 627 labels: 628 app.kubernetes.io/component: dex-server 629 app.kubernetes.io/name: argocd-dex-server 630 app.kubernetes.io/part-of: argocd 631 name: argocd-dex-server 632 spec: 633 ports: 634 - appProtocol: TCP 635 name: http 636 port: 5556 637 protocol: TCP 638 targetPort: 5556 639 - name: grpc 640 port: 5557 641 protocol: TCP 642 targetPort: 5557 643 - name: metrics 644 port: 5558 645 protocol: TCP 646 targetPort: 5558 647 selector: 648 app.kubernetes.io/name: argocd-dex-server 649 --- 650 apiVersion: v1 651 kind: Service 652 metadata: 653 labels: 654 app.kubernetes.io/component: metrics 655 app.kubernetes.io/name: argocd-metrics 656 app.kubernetes.io/part-of: argocd 657 name: argocd-metrics 658 spec: 659 ports: 660 - name: metrics 661 port: 8082 662 protocol: TCP 663 targetPort: 8082 664 selector: 665 app.kubernetes.io/name: argocd-application-controller 666 --- 667 apiVersion: v1 668 kind: Service 669 metadata: 670 labels: 671 app.kubernetes.io/component: notifications-controller 672 app.kubernetes.io/name: argocd-notifications-controller-metrics 673 app.kubernetes.io/part-of: argocd 674 name: argocd-notifications-controller-metrics 675 spec: 676 ports: 677 - name: metrics 678 port: 9001 679 protocol: TCP 680 targetPort: 9001 681 selector: 682 app.kubernetes.io/name: argocd-notifications-controller 683 --- 684 apiVersion: v1 685 kind: Service 686 metadata: 687 labels: 688 app.kubernetes.io/component: redis 689 app.kubernetes.io/name: argocd-redis 690 app.kubernetes.io/part-of: argocd 691 name: argocd-redis 692 spec: 693 ports: 694 - name: tcp-redis 695 port: 6379 696 targetPort: 6379 697 selector: 698 app.kubernetes.io/name: argocd-redis 699 --- 700 apiVersion: v1 701 kind: Service 702 metadata: 703 labels: 704 app.kubernetes.io/component: repo-server 705 app.kubernetes.io/name: argocd-repo-server 706 app.kubernetes.io/part-of: argocd 707 name: argocd-repo-server 708 spec: 709 ports: 710 - name: server 711 port: 8081 712 protocol: TCP 713 targetPort: 8081 714 - name: metrics 715 port: 8084 716 protocol: TCP 717 targetPort: 8084 718 selector: 719 app.kubernetes.io/name: argocd-repo-server 720 --- 721 apiVersion: v1 722 kind: Service 723 metadata: 724 labels: 725 app.kubernetes.io/component: server 726 app.kubernetes.io/name: argocd-server 727 app.kubernetes.io/part-of: argocd 728 name: argocd-server 729 spec: 730 ports: 731 - name: http 732 port: 80 733 protocol: TCP 734 targetPort: 8080 735 - name: https 736 port: 443 737 protocol: TCP 738 targetPort: 8080 739 selector: 740 app.kubernetes.io/name: argocd-server 741 --- 742 apiVersion: v1 743 kind: Service 744 metadata: 745 labels: 746 app.kubernetes.io/component: server 747 app.kubernetes.io/name: argocd-server-metrics 748 app.kubernetes.io/part-of: argocd 749 name: argocd-server-metrics 750 spec: 751 ports: 752 - name: metrics 753 port: 8083 754 protocol: TCP 755 targetPort: 8083 756 selector: 757 app.kubernetes.io/name: argocd-server 758 --- 759 apiVersion: apps/v1 760 kind: Deployment 761 metadata: 762 labels: 763 app.kubernetes.io/component: applicationset-controller 764 app.kubernetes.io/name: argocd-applicationset-controller 765 app.kubernetes.io/part-of: argocd 766 name: argocd-applicationset-controller 767 spec: 768 selector: 769 matchLabels: 770 app.kubernetes.io/name: argocd-applicationset-controller 771 template: 772 metadata: 773 labels: 774 app.kubernetes.io/name: argocd-applicationset-controller 775 spec: 776 containers: 777 - args: 778 - /usr/local/bin/argocd-applicationset-controller 779 env: 780 - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS 781 valueFrom: 782 configMapKeyRef: 783 key: applicationsetcontroller.global.preserved.annotations 784 name: argocd-cmd-params-cm 785 optional: true 786 - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS 787 valueFrom: 788 configMapKeyRef: 789 key: applicationsetcontroller.global.preserved.labels 790 name: argocd-cmd-params-cm 791 optional: true 792 - name: NAMESPACE 793 valueFrom: 794 fieldRef: 795 fieldPath: metadata.namespace 796 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION 797 valueFrom: 798 configMapKeyRef: 799 key: applicationsetcontroller.enable.leader.election 800 name: argocd-cmd-params-cm 801 optional: true 802 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER 803 valueFrom: 804 configMapKeyRef: 805 key: repo.server 806 name: argocd-cmd-params-cm 807 optional: true 808 - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY 809 valueFrom: 810 configMapKeyRef: 811 key: applicationsetcontroller.policy 812 name: argocd-cmd-params-cm 813 optional: true 814 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE 815 valueFrom: 816 configMapKeyRef: 817 key: applicationsetcontroller.enable.policy.override 818 name: argocd-cmd-params-cm 819 optional: true 820 - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG 821 valueFrom: 822 configMapKeyRef: 823 key: applicationsetcontroller.debug 824 name: argocd-cmd-params-cm 825 optional: true 826 - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT 827 valueFrom: 828 configMapKeyRef: 829 key: applicationsetcontroller.log.format 830 name: argocd-cmd-params-cm 831 optional: true 832 - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL 833 valueFrom: 834 configMapKeyRef: 835 key: applicationsetcontroller.log.level 836 name: argocd-cmd-params-cm 837 optional: true 838 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 839 valueFrom: 840 configMapKeyRef: 841 key: log.format.timestamp 842 name: argocd-cmd-params-cm 843 optional: true 844 - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN 845 valueFrom: 846 configMapKeyRef: 847 key: applicationsetcontroller.dryrun 848 name: argocd-cmd-params-cm 849 optional: true 850 - name: ARGOCD_GIT_MODULES_ENABLED 851 valueFrom: 852 configMapKeyRef: 853 key: applicationsetcontroller.enable.git.submodule 854 name: argocd-cmd-params-cm 855 optional: true 856 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS 857 valueFrom: 858 configMapKeyRef: 859 key: applicationsetcontroller.enable.progressive.syncs 860 name: argocd-cmd-params-cm 861 optional: true 862 - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE 863 valueFrom: 864 configMapKeyRef: 865 key: applicationsetcontroller.enable.tokenref.strict.mode 866 name: argocd-cmd-params-cm 867 optional: true 868 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING 869 valueFrom: 870 configMapKeyRef: 871 key: applicationsetcontroller.enable.new.git.file.globbing 872 name: argocd-cmd-params-cm 873 optional: true 874 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT 875 valueFrom: 876 configMapKeyRef: 877 key: applicationsetcontroller.repo.server.plaintext 878 name: argocd-cmd-params-cm 879 optional: true 880 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS 881 valueFrom: 882 configMapKeyRef: 883 key: applicationsetcontroller.repo.server.strict.tls 884 name: argocd-cmd-params-cm 885 optional: true 886 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS 887 valueFrom: 888 configMapKeyRef: 889 key: applicationsetcontroller.repo.server.timeout.seconds 890 name: argocd-cmd-params-cm 891 optional: true 892 - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS 893 valueFrom: 894 configMapKeyRef: 895 key: applicationsetcontroller.concurrent.reconciliations.max 896 name: argocd-cmd-params-cm 897 optional: true 898 - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES 899 valueFrom: 900 configMapKeyRef: 901 key: applicationsetcontroller.namespaces 902 name: argocd-cmd-params-cm 903 optional: true 904 - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH 905 valueFrom: 906 configMapKeyRef: 907 key: applicationsetcontroller.scm.root.ca.path 908 name: argocd-cmd-params-cm 909 optional: true 910 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS 911 valueFrom: 912 configMapKeyRef: 913 key: applicationsetcontroller.allowed.scm.providers 914 name: argocd-cmd-params-cm 915 optional: true 916 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS 917 valueFrom: 918 configMapKeyRef: 919 key: applicationsetcontroller.enable.scm.providers 920 name: argocd-cmd-params-cm 921 optional: true 922 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS 923 valueFrom: 924 configMapKeyRef: 925 key: applicationsetcontroller.enable.github.api.metrics 926 name: argocd-cmd-params-cm 927 optional: true 928 - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT 929 valueFrom: 930 configMapKeyRef: 931 key: applicationsetcontroller.webhook.parallelism.limit 932 name: argocd-cmd-params-cm 933 optional: true 934 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER 935 valueFrom: 936 configMapKeyRef: 937 key: applicationsetcontroller.requeue.after 938 name: argocd-cmd-params-cm 939 optional: true 940 - name: ARGOCD_APPLICATIONSET_CONTROLLER_MAX_RESOURCES_STATUS_COUNT 941 valueFrom: 942 configMapKeyRef: 943 key: applicationsetcontroller.status.max.resources.count 944 name: argocd-cmd-params-cm 945 optional: true 946 image: quay.io/argoproj/argocd:v3.2.1 947 imagePullPolicy: Always 948 name: argocd-applicationset-controller 949 ports: 950 - containerPort: 7000 951 name: webhook 952 - containerPort: 8080 953 name: metrics 954 securityContext: 955 allowPrivilegeEscalation: false 956 capabilities: 957 drop: 958 - ALL 959 readOnlyRootFilesystem: true 960 runAsNonRoot: true 961 seccompProfile: 962 type: RuntimeDefault 963 volumeMounts: 964 - mountPath: /app/config/ssh 965 name: ssh-known-hosts 966 - mountPath: /app/config/tls 967 name: tls-certs 968 - mountPath: /app/config/gpg/source 969 name: gpg-keys 970 - mountPath: /app/config/gpg/keys 971 name: gpg-keyring 972 - mountPath: /tmp 973 name: tmp 974 - mountPath: /app/config/reposerver/tls 975 name: argocd-repo-server-tls 976 - mountPath: /home/argocd/params 977 name: argocd-cmd-params-cm 978 nodeSelector: 979 kubernetes.io/os: linux 980 serviceAccountName: argocd-applicationset-controller 981 volumes: 982 - configMap: 983 name: argocd-ssh-known-hosts-cm 984 name: ssh-known-hosts 985 - configMap: 986 name: argocd-tls-certs-cm 987 name: tls-certs 988 - configMap: 989 name: argocd-gpg-keys-cm 990 name: gpg-keys 991 - emptyDir: {} 992 name: gpg-keyring 993 - emptyDir: {} 994 name: tmp 995 - name: argocd-repo-server-tls 996 secret: 997 items: 998 - key: tls.crt 999 path: tls.crt 1000 - key: tls.key 1001 path: tls.key 1002 - key: ca.crt 1003 path: ca.crt 1004 optional: true 1005 secretName: argocd-repo-server-tls 1006 - configMap: 1007 items: 1008 - key: applicationsetcontroller.profile.enabled 1009 path: profiler.enabled 1010 name: argocd-cmd-params-cm 1011 optional: true 1012 name: argocd-cmd-params-cm 1013 --- 1014 apiVersion: apps/v1 1015 kind: Deployment 1016 metadata: 1017 labels: 1018 app.kubernetes.io/component: dex-server 1019 app.kubernetes.io/name: argocd-dex-server 1020 app.kubernetes.io/part-of: argocd 1021 name: argocd-dex-server 1022 spec: 1023 selector: 1024 matchLabels: 1025 app.kubernetes.io/name: argocd-dex-server 1026 template: 1027 metadata: 1028 labels: 1029 app.kubernetes.io/name: argocd-dex-server 1030 spec: 1031 affinity: 1032 podAntiAffinity: 1033 preferredDuringSchedulingIgnoredDuringExecution: 1034 - podAffinityTerm: 1035 labelSelector: 1036 matchLabels: 1037 app.kubernetes.io/part-of: argocd 1038 topologyKey: kubernetes.io/hostname 1039 weight: 5 1040 containers: 1041 - command: 1042 - /shared/argocd-dex 1043 - rundex 1044 env: 1045 - name: ARGOCD_DEX_SERVER_LOGFORMAT 1046 valueFrom: 1047 configMapKeyRef: 1048 key: dexserver.log.format 1049 name: argocd-cmd-params-cm 1050 optional: true 1051 - name: ARGOCD_DEX_SERVER_LOGLEVEL 1052 valueFrom: 1053 configMapKeyRef: 1054 key: dexserver.log.level 1055 name: argocd-cmd-params-cm 1056 optional: true 1057 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 1058 valueFrom: 1059 configMapKeyRef: 1060 key: log.format.timestamp 1061 name: argocd-cmd-params-cm 1062 optional: true 1063 - name: ARGOCD_DEX_SERVER_DISABLE_TLS 1064 valueFrom: 1065 configMapKeyRef: 1066 key: dexserver.disable.tls 1067 name: argocd-cmd-params-cm 1068 optional: true 1069 image: ghcr.io/dexidp/dex:v2.43.0 1070 imagePullPolicy: Always 1071 name: dex 1072 ports: 1073 - containerPort: 5556 1074 - containerPort: 5557 1075 - containerPort: 5558 1076 securityContext: 1077 allowPrivilegeEscalation: false 1078 capabilities: 1079 drop: 1080 - ALL 1081 readOnlyRootFilesystem: true 1082 runAsNonRoot: true 1083 seccompProfile: 1084 type: RuntimeDefault 1085 volumeMounts: 1086 - mountPath: /shared 1087 name: static-files 1088 - mountPath: /tmp 1089 name: dexconfig 1090 - mountPath: /tls 1091 name: argocd-dex-server-tls 1092 initContainers: 1093 - command: 1094 - /bin/cp 1095 - -n 1096 - /usr/local/bin/argocd 1097 - /shared/argocd-dex 1098 image: quay.io/argoproj/argocd:v3.2.1 1099 imagePullPolicy: Always 1100 name: copyutil 1101 securityContext: 1102 allowPrivilegeEscalation: false 1103 capabilities: 1104 drop: 1105 - ALL 1106 readOnlyRootFilesystem: true 1107 runAsNonRoot: true 1108 seccompProfile: 1109 type: RuntimeDefault 1110 volumeMounts: 1111 - mountPath: /shared 1112 name: static-files 1113 - mountPath: /tmp 1114 name: dexconfig 1115 nodeSelector: 1116 kubernetes.io/os: linux 1117 serviceAccountName: argocd-dex-server 1118 volumes: 1119 - emptyDir: {} 1120 name: static-files 1121 - emptyDir: {} 1122 name: dexconfig 1123 - name: argocd-dex-server-tls 1124 secret: 1125 items: 1126 - key: tls.crt 1127 path: tls.crt 1128 - key: tls.key 1129 path: tls.key 1130 - key: ca.crt 1131 path: ca.crt 1132 optional: true 1133 secretName: argocd-dex-server-tls 1134 --- 1135 apiVersion: apps/v1 1136 kind: Deployment 1137 metadata: 1138 labels: 1139 app.kubernetes.io/component: notifications-controller 1140 app.kubernetes.io/name: argocd-notifications-controller 1141 app.kubernetes.io/part-of: argocd 1142 name: argocd-notifications-controller 1143 spec: 1144 selector: 1145 matchLabels: 1146 app.kubernetes.io/name: argocd-notifications-controller 1147 strategy: 1148 type: Recreate 1149 template: 1150 metadata: 1151 labels: 1152 app.kubernetes.io/name: argocd-notifications-controller 1153 spec: 1154 containers: 1155 - args: 1156 - /usr/local/bin/argocd-notifications 1157 env: 1158 - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT 1159 valueFrom: 1160 configMapKeyRef: 1161 key: notificationscontroller.log.format 1162 name: argocd-cmd-params-cm 1163 optional: true 1164 - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL 1165 valueFrom: 1166 configMapKeyRef: 1167 key: notificationscontroller.log.level 1168 name: argocd-cmd-params-cm 1169 optional: true 1170 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 1171 valueFrom: 1172 configMapKeyRef: 1173 key: log.format.timestamp 1174 name: argocd-cmd-params-cm 1175 optional: true 1176 - name: ARGOCD_APPLICATION_NAMESPACES 1177 valueFrom: 1178 configMapKeyRef: 1179 key: application.namespaces 1180 name: argocd-cmd-params-cm 1181 optional: true 1182 - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED 1183 valueFrom: 1184 configMapKeyRef: 1185 key: notificationscontroller.selfservice.enabled 1186 name: argocd-cmd-params-cm 1187 optional: true 1188 - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT 1189 valueFrom: 1190 configMapKeyRef: 1191 key: notificationscontroller.repo.server.plaintext 1192 name: argocd-cmd-params-cm 1193 optional: true 1194 image: quay.io/argoproj/argocd:v3.2.1 1195 imagePullPolicy: Always 1196 livenessProbe: 1197 tcpSocket: 1198 port: 9001 1199 name: argocd-notifications-controller 1200 securityContext: 1201 allowPrivilegeEscalation: false 1202 capabilities: 1203 drop: 1204 - ALL 1205 readOnlyRootFilesystem: true 1206 volumeMounts: 1207 - mountPath: /app/config/tls 1208 name: tls-certs 1209 - mountPath: /app/config/reposerver/tls 1210 name: argocd-repo-server-tls 1211 workingDir: /app 1212 nodeSelector: 1213 kubernetes.io/os: linux 1214 securityContext: 1215 runAsNonRoot: true 1216 seccompProfile: 1217 type: RuntimeDefault 1218 serviceAccountName: argocd-notifications-controller 1219 volumes: 1220 - configMap: 1221 name: argocd-tls-certs-cm 1222 name: tls-certs 1223 - name: argocd-repo-server-tls 1224 secret: 1225 items: 1226 - key: tls.crt 1227 path: tls.crt 1228 - key: tls.key 1229 path: tls.key 1230 - key: ca.crt 1231 path: ca.crt 1232 optional: true 1233 secretName: argocd-repo-server-tls 1234 --- 1235 apiVersion: apps/v1 1236 kind: Deployment 1237 metadata: 1238 labels: 1239 app.kubernetes.io/component: redis 1240 app.kubernetes.io/name: argocd-redis 1241 app.kubernetes.io/part-of: argocd 1242 name: argocd-redis 1243 spec: 1244 selector: 1245 matchLabels: 1246 app.kubernetes.io/name: argocd-redis 1247 template: 1248 metadata: 1249 labels: 1250 app.kubernetes.io/name: argocd-redis 1251 spec: 1252 affinity: 1253 podAntiAffinity: 1254 preferredDuringSchedulingIgnoredDuringExecution: 1255 - podAffinityTerm: 1256 labelSelector: 1257 matchLabels: 1258 app.kubernetes.io/name: argocd-redis 1259 topologyKey: kubernetes.io/hostname 1260 weight: 100 1261 - podAffinityTerm: 1262 labelSelector: 1263 matchLabels: 1264 app.kubernetes.io/part-of: argocd 1265 topologyKey: kubernetes.io/hostname 1266 weight: 5 1267 containers: 1268 - args: 1269 - --save 1270 - "" 1271 - --appendonly 1272 - "no" 1273 - --requirepass $(REDIS_PASSWORD) 1274 env: 1275 - name: REDIS_PASSWORD 1276 valueFrom: 1277 secretKeyRef: 1278 key: auth 1279 name: argocd-redis 1280 image: public.ecr.aws/docker/library/redis:8.2.2-alpine 1281 imagePullPolicy: Always 1282 name: redis 1283 ports: 1284 - containerPort: 6379 1285 securityContext: 1286 allowPrivilegeEscalation: false 1287 capabilities: 1288 drop: 1289 - ALL 1290 readOnlyRootFilesystem: true 1291 initContainers: 1292 - command: 1293 - argocd 1294 - admin 1295 - redis-initial-password 1296 image: quay.io/argoproj/argocd:v3.2.1 1297 imagePullPolicy: IfNotPresent 1298 name: secret-init 1299 securityContext: 1300 allowPrivilegeEscalation: false 1301 capabilities: 1302 drop: 1303 - ALL 1304 readOnlyRootFilesystem: true 1305 runAsNonRoot: true 1306 seccompProfile: 1307 type: RuntimeDefault 1308 nodeSelector: 1309 kubernetes.io/os: linux 1310 securityContext: 1311 runAsNonRoot: true 1312 runAsUser: 999 1313 seccompProfile: 1314 type: RuntimeDefault 1315 serviceAccountName: argocd-redis 1316 --- 1317 apiVersion: apps/v1 1318 kind: Deployment 1319 metadata: 1320 labels: 1321 app.kubernetes.io/component: repo-server 1322 app.kubernetes.io/name: argocd-repo-server 1323 app.kubernetes.io/part-of: argocd 1324 name: argocd-repo-server 1325 spec: 1326 selector: 1327 matchLabels: 1328 app.kubernetes.io/name: argocd-repo-server 1329 template: 1330 metadata: 1331 labels: 1332 app.kubernetes.io/name: argocd-repo-server 1333 spec: 1334 affinity: 1335 podAntiAffinity: 1336 preferredDuringSchedulingIgnoredDuringExecution: 1337 - podAffinityTerm: 1338 labelSelector: 1339 matchLabels: 1340 app.kubernetes.io/name: argocd-repo-server 1341 topologyKey: kubernetes.io/hostname 1342 weight: 100 1343 - podAffinityTerm: 1344 labelSelector: 1345 matchLabels: 1346 app.kubernetes.io/part-of: argocd 1347 topologyKey: kubernetes.io/hostname 1348 weight: 5 1349 automountServiceAccountToken: false 1350 containers: 1351 - args: 1352 - /usr/local/bin/argocd-repo-server 1353 env: 1354 - name: REDIS_PASSWORD 1355 valueFrom: 1356 secretKeyRef: 1357 key: auth 1358 name: argocd-redis 1359 - name: ARGOCD_RECONCILIATION_TIMEOUT 1360 valueFrom: 1361 configMapKeyRef: 1362 key: timeout.reconciliation 1363 name: argocd-cm 1364 optional: true 1365 - name: ARGOCD_REPO_SERVER_LOGFORMAT 1366 valueFrom: 1367 configMapKeyRef: 1368 key: reposerver.log.format 1369 name: argocd-cmd-params-cm 1370 optional: true 1371 - name: ARGOCD_REPO_SERVER_LOGLEVEL 1372 valueFrom: 1373 configMapKeyRef: 1374 key: reposerver.log.level 1375 name: argocd-cmd-params-cm 1376 optional: true 1377 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 1378 valueFrom: 1379 configMapKeyRef: 1380 key: log.format.timestamp 1381 name: argocd-cmd-params-cm 1382 optional: true 1383 - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT 1384 valueFrom: 1385 configMapKeyRef: 1386 key: reposerver.parallelism.limit 1387 name: argocd-cmd-params-cm 1388 optional: true 1389 - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS 1390 valueFrom: 1391 configMapKeyRef: 1392 key: reposerver.listen.address 1393 name: argocd-cmd-params-cm 1394 optional: true 1395 - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS 1396 valueFrom: 1397 configMapKeyRef: 1398 key: reposerver.metrics.listen.address 1399 name: argocd-cmd-params-cm 1400 optional: true 1401 - name: ARGOCD_REPO_SERVER_DISABLE_TLS 1402 valueFrom: 1403 configMapKeyRef: 1404 key: reposerver.disable.tls 1405 name: argocd-cmd-params-cm 1406 optional: true 1407 - name: ARGOCD_TLS_MIN_VERSION 1408 valueFrom: 1409 configMapKeyRef: 1410 key: reposerver.tls.minversion 1411 name: argocd-cmd-params-cm 1412 optional: true 1413 - name: ARGOCD_TLS_MAX_VERSION 1414 valueFrom: 1415 configMapKeyRef: 1416 key: reposerver.tls.maxversion 1417 name: argocd-cmd-params-cm 1418 optional: true 1419 - name: ARGOCD_TLS_CIPHERS 1420 valueFrom: 1421 configMapKeyRef: 1422 key: reposerver.tls.ciphers 1423 name: argocd-cmd-params-cm 1424 optional: true 1425 - name: ARGOCD_REPO_CACHE_EXPIRATION 1426 valueFrom: 1427 configMapKeyRef: 1428 key: reposerver.repo.cache.expiration 1429 name: argocd-cmd-params-cm 1430 optional: true 1431 - name: REDIS_SERVER 1432 valueFrom: 1433 configMapKeyRef: 1434 key: redis.server 1435 name: argocd-cmd-params-cm 1436 optional: true 1437 - name: REDIS_COMPRESSION 1438 valueFrom: 1439 configMapKeyRef: 1440 key: redis.compression 1441 name: argocd-cmd-params-cm 1442 optional: true 1443 - name: REDISDB 1444 valueFrom: 1445 configMapKeyRef: 1446 key: redis.db 1447 name: argocd-cmd-params-cm 1448 optional: true 1449 - name: ARGOCD_DEFAULT_CACHE_EXPIRATION 1450 valueFrom: 1451 configMapKeyRef: 1452 key: reposerver.default.cache.expiration 1453 name: argocd-cmd-params-cm 1454 optional: true 1455 - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS 1456 valueFrom: 1457 configMapKeyRef: 1458 key: otlp.address 1459 name: argocd-cmd-params-cm 1460 optional: true 1461 - name: ARGOCD_REPO_SERVER_OTLP_INSECURE 1462 valueFrom: 1463 configMapKeyRef: 1464 key: otlp.insecure 1465 name: argocd-cmd-params-cm 1466 optional: true 1467 - name: ARGOCD_REPO_SERVER_OTLP_HEADERS 1468 valueFrom: 1469 configMapKeyRef: 1470 key: otlp.headers 1471 name: argocd-cmd-params-cm 1472 optional: true 1473 - name: ARGOCD_REPO_SERVER_OTLP_ATTRS 1474 valueFrom: 1475 configMapKeyRef: 1476 key: otlp.attrs 1477 name: argocd-cmd-params-cm 1478 optional: true 1479 - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE 1480 valueFrom: 1481 configMapKeyRef: 1482 key: reposerver.max.combined.directory.manifests.size 1483 name: argocd-cmd-params-cm 1484 optional: true 1485 - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS 1486 valueFrom: 1487 configMapKeyRef: 1488 key: reposerver.plugin.tar.exclusions 1489 name: argocd-cmd-params-cm 1490 optional: true 1491 - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS 1492 valueFrom: 1493 configMapKeyRef: 1494 key: reposerver.plugin.use.manifest.generate.paths 1495 name: argocd-cmd-params-cm 1496 optional: true 1497 - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS 1498 valueFrom: 1499 configMapKeyRef: 1500 key: reposerver.allow.oob.symlinks 1501 name: argocd-cmd-params-cm 1502 optional: true 1503 - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE 1504 valueFrom: 1505 configMapKeyRef: 1506 key: reposerver.streamed.manifest.max.tar.size 1507 name: argocd-cmd-params-cm 1508 optional: true 1509 - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE 1510 valueFrom: 1511 configMapKeyRef: 1512 key: reposerver.streamed.manifest.max.extracted.size 1513 name: argocd-cmd-params-cm 1514 optional: true 1515 - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE 1516 valueFrom: 1517 configMapKeyRef: 1518 key: reposerver.helm.manifest.max.extracted.size 1519 name: argocd-cmd-params-cm 1520 optional: true 1521 - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE 1522 valueFrom: 1523 configMapKeyRef: 1524 key: reposerver.disable.helm.manifest.max.extracted.size 1525 name: argocd-cmd-params-cm 1526 optional: true 1527 - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE 1528 valueFrom: 1529 configMapKeyRef: 1530 key: reposerver.oci.manifest.max.extracted.size 1531 name: argocd-cmd-params-cm 1532 optional: true 1533 - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE 1534 valueFrom: 1535 configMapKeyRef: 1536 key: reposerver.disable.oci.manifest.max.extracted.size 1537 name: argocd-cmd-params-cm 1538 optional: true 1539 - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES 1540 valueFrom: 1541 configMapKeyRef: 1542 key: reposerver.oci.layer.media.types 1543 name: argocd-cmd-params-cm 1544 optional: true 1545 - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT 1546 valueFrom: 1547 configMapKeyRef: 1548 key: reposerver.revision.cache.lock.timeout 1549 name: argocd-cmd-params-cm 1550 optional: true 1551 - name: ARGOCD_GIT_MODULES_ENABLED 1552 valueFrom: 1553 configMapKeyRef: 1554 key: reposerver.enable.git.submodule 1555 name: argocd-cmd-params-cm 1556 optional: true 1557 - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT 1558 valueFrom: 1559 configMapKeyRef: 1560 key: reposerver.git.lsremote.parallelism.limit 1561 name: argocd-cmd-params-cm 1562 optional: true 1563 - name: ARGOCD_GIT_REQUEST_TIMEOUT 1564 valueFrom: 1565 configMapKeyRef: 1566 key: reposerver.git.request.timeout 1567 name: argocd-cmd-params-cm 1568 optional: true 1569 - name: ARGOCD_REPO_SERVER_ENABLE_BUILTIN_GIT_CONFIG 1570 valueFrom: 1571 configMapKeyRef: 1572 key: reposerver.enable.builtin.git.config 1573 name: argocd-cmd-params-cm 1574 optional: true 1575 - name: ARGOCD_GRPC_MAX_SIZE_MB 1576 valueFrom: 1577 configMapKeyRef: 1578 key: reposerver.grpc.max.size 1579 name: argocd-cmd-params-cm 1580 optional: true 1581 - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES 1582 valueFrom: 1583 configMapKeyRef: 1584 key: reposerver.include.hidden.directories 1585 name: argocd-cmd-params-cm 1586 optional: true 1587 - name: HELM_CACHE_HOME 1588 value: /helm-working-dir 1589 - name: HELM_CONFIG_HOME 1590 value: /helm-working-dir 1591 - name: HELM_DATA_HOME 1592 value: /helm-working-dir 1593 image: quay.io/argoproj/argocd:v3.2.1 1594 imagePullPolicy: Always 1595 livenessProbe: 1596 failureThreshold: 3 1597 httpGet: 1598 path: /healthz?full=true 1599 port: 8084 1600 initialDelaySeconds: 30 1601 periodSeconds: 30 1602 timeoutSeconds: 5 1603 name: argocd-repo-server 1604 ports: 1605 - containerPort: 8081 1606 - containerPort: 8084 1607 readinessProbe: 1608 httpGet: 1609 path: /healthz 1610 port: 8084 1611 initialDelaySeconds: 5 1612 periodSeconds: 10 1613 securityContext: 1614 allowPrivilegeEscalation: false 1615 capabilities: 1616 drop: 1617 - ALL 1618 readOnlyRootFilesystem: true 1619 runAsNonRoot: true 1620 seccompProfile: 1621 type: RuntimeDefault 1622 volumeMounts: 1623 - mountPath: /app/config/ssh 1624 name: ssh-known-hosts 1625 - mountPath: /app/config/tls 1626 name: tls-certs 1627 - mountPath: /app/config/gpg/source 1628 name: gpg-keys 1629 - mountPath: /app/config/gpg/keys 1630 name: gpg-keyring 1631 - mountPath: /app/config/reposerver/tls 1632 name: argocd-repo-server-tls 1633 - mountPath: /tmp 1634 name: tmp 1635 - mountPath: /helm-working-dir 1636 name: helm-working-dir 1637 - mountPath: /home/argocd/cmp-server/plugins 1638 name: plugins 1639 initContainers: 1640 - command: 1641 - /bin/cp 1642 - -n 1643 - /usr/local/bin/argocd 1644 - /var/run/argocd/argocd-cmp-server 1645 image: quay.io/argoproj/argocd:v3.2.1 1646 name: copyutil 1647 securityContext: 1648 allowPrivilegeEscalation: false 1649 capabilities: 1650 drop: 1651 - ALL 1652 readOnlyRootFilesystem: true 1653 runAsNonRoot: true 1654 seccompProfile: 1655 type: RuntimeDefault 1656 volumeMounts: 1657 - mountPath: /var/run/argocd 1658 name: var-files 1659 nodeSelector: 1660 kubernetes.io/os: linux 1661 serviceAccountName: argocd-repo-server 1662 volumes: 1663 - configMap: 1664 name: argocd-ssh-known-hosts-cm 1665 name: ssh-known-hosts 1666 - configMap: 1667 name: argocd-tls-certs-cm 1668 name: tls-certs 1669 - configMap: 1670 name: argocd-gpg-keys-cm 1671 name: gpg-keys 1672 - emptyDir: {} 1673 name: gpg-keyring 1674 - emptyDir: {} 1675 name: tmp 1676 - emptyDir: {} 1677 name: helm-working-dir 1678 - name: argocd-repo-server-tls 1679 secret: 1680 items: 1681 - key: tls.crt 1682 path: tls.crt 1683 - key: tls.key 1684 path: tls.key 1685 - key: ca.crt 1686 path: ca.crt 1687 optional: true 1688 secretName: argocd-repo-server-tls 1689 - emptyDir: {} 1690 name: var-files 1691 - emptyDir: {} 1692 name: plugins 1693 --- 1694 apiVersion: apps/v1 1695 kind: Deployment 1696 metadata: 1697 labels: 1698 app.kubernetes.io/component: server 1699 app.kubernetes.io/name: argocd-server 1700 app.kubernetes.io/part-of: argocd 1701 name: argocd-server 1702 spec: 1703 selector: 1704 matchLabels: 1705 app.kubernetes.io/name: argocd-server 1706 template: 1707 metadata: 1708 labels: 1709 app.kubernetes.io/name: argocd-server 1710 spec: 1711 affinity: 1712 podAntiAffinity: 1713 preferredDuringSchedulingIgnoredDuringExecution: 1714 - podAffinityTerm: 1715 labelSelector: 1716 matchLabels: 1717 app.kubernetes.io/name: argocd-server 1718 topologyKey: kubernetes.io/hostname 1719 weight: 100 1720 - podAffinityTerm: 1721 labelSelector: 1722 matchLabels: 1723 app.kubernetes.io/part-of: argocd 1724 topologyKey: kubernetes.io/hostname 1725 weight: 5 1726 containers: 1727 - args: 1728 - /usr/local/bin/argocd-server 1729 env: 1730 - name: REDIS_PASSWORD 1731 valueFrom: 1732 secretKeyRef: 1733 key: auth 1734 name: argocd-redis 1735 - name: ARGOCD_SERVER_INSECURE 1736 valueFrom: 1737 configMapKeyRef: 1738 key: server.insecure 1739 name: argocd-cmd-params-cm 1740 optional: true 1741 - name: ARGOCD_SERVER_BASEHREF 1742 valueFrom: 1743 configMapKeyRef: 1744 key: server.basehref 1745 name: argocd-cmd-params-cm 1746 optional: true 1747 - name: ARGOCD_SERVER_ROOTPATH 1748 valueFrom: 1749 configMapKeyRef: 1750 key: server.rootpath 1751 name: argocd-cmd-params-cm 1752 optional: true 1753 - name: ARGOCD_SERVER_LOGFORMAT 1754 valueFrom: 1755 configMapKeyRef: 1756 key: server.log.format 1757 name: argocd-cmd-params-cm 1758 optional: true 1759 - name: ARGOCD_SERVER_LOG_LEVEL 1760 valueFrom: 1761 configMapKeyRef: 1762 key: server.log.level 1763 name: argocd-cmd-params-cm 1764 optional: true 1765 - name: ARGOCD_SERVER_REPO_SERVER 1766 valueFrom: 1767 configMapKeyRef: 1768 key: repo.server 1769 name: argocd-cmd-params-cm 1770 optional: true 1771 - name: ARGOCD_SERVER_DEX_SERVER 1772 valueFrom: 1773 configMapKeyRef: 1774 key: server.dex.server 1775 name: argocd-cmd-params-cm 1776 optional: true 1777 - name: ARGOCD_SERVER_DISABLE_AUTH 1778 valueFrom: 1779 configMapKeyRef: 1780 key: server.disable.auth 1781 name: argocd-cmd-params-cm 1782 optional: true 1783 - name: ARGOCD_SERVER_ENABLE_GZIP 1784 valueFrom: 1785 configMapKeyRef: 1786 key: server.enable.gzip 1787 name: argocd-cmd-params-cm 1788 optional: true 1789 - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS 1790 valueFrom: 1791 configMapKeyRef: 1792 key: server.repo.server.timeout.seconds 1793 name: argocd-cmd-params-cm 1794 optional: true 1795 - name: ARGOCD_SERVER_X_FRAME_OPTIONS 1796 valueFrom: 1797 configMapKeyRef: 1798 key: server.x.frame.options 1799 name: argocd-cmd-params-cm 1800 optional: true 1801 - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY 1802 valueFrom: 1803 configMapKeyRef: 1804 key: server.content.security.policy 1805 name: argocd-cmd-params-cm 1806 optional: true 1807 - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT 1808 valueFrom: 1809 configMapKeyRef: 1810 key: server.repo.server.plaintext 1811 name: argocd-cmd-params-cm 1812 optional: true 1813 - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS 1814 valueFrom: 1815 configMapKeyRef: 1816 key: server.repo.server.strict.tls 1817 name: argocd-cmd-params-cm 1818 optional: true 1819 - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT 1820 valueFrom: 1821 configMapKeyRef: 1822 key: server.dex.server.plaintext 1823 name: argocd-cmd-params-cm 1824 optional: true 1825 - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS 1826 valueFrom: 1827 configMapKeyRef: 1828 key: server.dex.server.strict.tls 1829 name: argocd-cmd-params-cm 1830 optional: true 1831 - name: ARGOCD_TLS_MIN_VERSION 1832 valueFrom: 1833 configMapKeyRef: 1834 key: server.tls.minversion 1835 name: argocd-cmd-params-cm 1836 optional: true 1837 - name: ARGOCD_TLS_MAX_VERSION 1838 valueFrom: 1839 configMapKeyRef: 1840 key: server.tls.maxversion 1841 name: argocd-cmd-params-cm 1842 optional: true 1843 - name: ARGOCD_TLS_CIPHERS 1844 valueFrom: 1845 configMapKeyRef: 1846 key: server.tls.ciphers 1847 name: argocd-cmd-params-cm 1848 optional: true 1849 - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION 1850 valueFrom: 1851 configMapKeyRef: 1852 key: server.connection.status.cache.expiration 1853 name: argocd-cmd-params-cm 1854 optional: true 1855 - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION 1856 valueFrom: 1857 configMapKeyRef: 1858 key: server.oidc.cache.expiration 1859 name: argocd-cmd-params-cm 1860 optional: true 1861 - name: ARGOCD_SERVER_STATIC_ASSETS 1862 valueFrom: 1863 configMapKeyRef: 1864 key: server.staticassets 1865 name: argocd-cmd-params-cm 1866 optional: true 1867 - name: ARGOCD_APP_STATE_CACHE_EXPIRATION 1868 valueFrom: 1869 configMapKeyRef: 1870 key: server.app.state.cache.expiration 1871 name: argocd-cmd-params-cm 1872 optional: true 1873 - name: REDIS_SERVER 1874 valueFrom: 1875 configMapKeyRef: 1876 key: redis.server 1877 name: argocd-cmd-params-cm 1878 optional: true 1879 - name: REDIS_COMPRESSION 1880 valueFrom: 1881 configMapKeyRef: 1882 key: redis.compression 1883 name: argocd-cmd-params-cm 1884 optional: true 1885 - name: REDISDB 1886 valueFrom: 1887 configMapKeyRef: 1888 key: redis.db 1889 name: argocd-cmd-params-cm 1890 optional: true 1891 - name: ARGOCD_DEFAULT_CACHE_EXPIRATION 1892 valueFrom: 1893 configMapKeyRef: 1894 key: server.default.cache.expiration 1895 name: argocd-cmd-params-cm 1896 optional: true 1897 - name: ARGOCD_MAX_COOKIE_NUMBER 1898 valueFrom: 1899 configMapKeyRef: 1900 key: server.http.cookie.maxnumber 1901 name: argocd-cmd-params-cm 1902 optional: true 1903 - name: ARGOCD_SERVER_LISTEN_ADDRESS 1904 valueFrom: 1905 configMapKeyRef: 1906 key: server.listen.address 1907 name: argocd-cmd-params-cm 1908 optional: true 1909 - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS 1910 valueFrom: 1911 configMapKeyRef: 1912 key: server.metrics.listen.address 1913 name: argocd-cmd-params-cm 1914 optional: true 1915 - name: ARGOCD_SERVER_OTLP_ADDRESS 1916 valueFrom: 1917 configMapKeyRef: 1918 key: otlp.address 1919 name: argocd-cmd-params-cm 1920 optional: true 1921 - name: ARGOCD_SERVER_OTLP_INSECURE 1922 valueFrom: 1923 configMapKeyRef: 1924 key: otlp.insecure 1925 name: argocd-cmd-params-cm 1926 optional: true 1927 - name: ARGOCD_SERVER_OTLP_HEADERS 1928 valueFrom: 1929 configMapKeyRef: 1930 key: otlp.headers 1931 name: argocd-cmd-params-cm 1932 optional: true 1933 - name: ARGOCD_SERVER_OTLP_ATTRS 1934 valueFrom: 1935 configMapKeyRef: 1936 key: otlp.attrs 1937 name: argocd-cmd-params-cm 1938 optional: true 1939 - name: ARGOCD_APPLICATION_NAMESPACES 1940 valueFrom: 1941 configMapKeyRef: 1942 key: application.namespaces 1943 name: argocd-cmd-params-cm 1944 optional: true 1945 - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION 1946 valueFrom: 1947 configMapKeyRef: 1948 key: server.enable.proxy.extension 1949 name: argocd-cmd-params-cm 1950 optional: true 1951 - name: ARGOCD_K8SCLIENT_RETRY_MAX 1952 valueFrom: 1953 configMapKeyRef: 1954 key: server.k8sclient.retry.max 1955 name: argocd-cmd-params-cm 1956 optional: true 1957 - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF 1958 valueFrom: 1959 configMapKeyRef: 1960 key: server.k8sclient.retry.base.backoff 1961 name: argocd-cmd-params-cm 1962 optional: true 1963 - name: ARGOCD_API_CONTENT_TYPES 1964 valueFrom: 1965 configMapKeyRef: 1966 key: server.api.content.types 1967 name: argocd-cmd-params-cm 1968 optional: true 1969 - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT 1970 valueFrom: 1971 configMapKeyRef: 1972 key: server.webhook.parallelism.limit 1973 name: argocd-cmd-params-cm 1974 optional: true 1975 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING 1976 valueFrom: 1977 configMapKeyRef: 1978 key: applicationsetcontroller.enable.new.git.file.globbing 1979 name: argocd-cmd-params-cm 1980 optional: true 1981 - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH 1982 valueFrom: 1983 configMapKeyRef: 1984 key: applicationsetcontroller.scm.root.ca.path 1985 name: argocd-cmd-params-cm 1986 optional: true 1987 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS 1988 valueFrom: 1989 configMapKeyRef: 1990 key: applicationsetcontroller.allowed.scm.providers 1991 name: argocd-cmd-params-cm 1992 optional: true 1993 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS 1994 valueFrom: 1995 configMapKeyRef: 1996 key: applicationsetcontroller.enable.scm.providers 1997 name: argocd-cmd-params-cm 1998 optional: true 1999 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS 2000 valueFrom: 2001 configMapKeyRef: 2002 key: applicationsetcontroller.enable.github.api.metrics 2003 name: argocd-cmd-params-cm 2004 optional: true 2005 - name: ARGOCD_HYDRATOR_ENABLED 2006 valueFrom: 2007 configMapKeyRef: 2008 key: hydrator.enabled 2009 name: argocd-cmd-params-cm 2010 optional: true 2011 - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED 2012 valueFrom: 2013 configMapKeyRef: 2014 key: server.sync.replace.allowed 2015 name: argocd-cmd-params-cm 2016 optional: true 2017 image: quay.io/argoproj/argocd:v3.2.1 2018 imagePullPolicy: Always 2019 livenessProbe: 2020 httpGet: 2021 path: /healthz?full=true 2022 port: 8080 2023 initialDelaySeconds: 3 2024 periodSeconds: 30 2025 timeoutSeconds: 5 2026 name: argocd-server 2027 ports: 2028 - containerPort: 8080 2029 - containerPort: 8083 2030 readinessProbe: 2031 httpGet: 2032 path: /healthz 2033 port: 8080 2034 initialDelaySeconds: 3 2035 periodSeconds: 30 2036 securityContext: 2037 allowPrivilegeEscalation: false 2038 capabilities: 2039 drop: 2040 - ALL 2041 readOnlyRootFilesystem: true 2042 runAsNonRoot: true 2043 seccompProfile: 2044 type: RuntimeDefault 2045 volumeMounts: 2046 - mountPath: /app/config/ssh 2047 name: ssh-known-hosts 2048 - mountPath: /app/config/tls 2049 name: tls-certs 2050 - mountPath: /app/config/server/tls 2051 name: argocd-repo-server-tls 2052 - mountPath: /app/config/dex/tls 2053 name: argocd-dex-server-tls 2054 - mountPath: /home/argocd 2055 name: plugins-home 2056 - mountPath: /tmp 2057 name: tmp 2058 - mountPath: /home/argocd/params 2059 name: argocd-cmd-params-cm 2060 nodeSelector: 2061 kubernetes.io/os: linux 2062 serviceAccountName: argocd-server 2063 volumes: 2064 - emptyDir: {} 2065 name: plugins-home 2066 - emptyDir: {} 2067 name: tmp 2068 - configMap: 2069 name: argocd-ssh-known-hosts-cm 2070 name: ssh-known-hosts 2071 - configMap: 2072 name: argocd-tls-certs-cm 2073 name: tls-certs 2074 - name: argocd-repo-server-tls 2075 secret: 2076 items: 2077 - key: tls.crt 2078 path: tls.crt 2079 - key: tls.key 2080 path: tls.key 2081 - key: ca.crt 2082 path: ca.crt 2083 optional: true 2084 secretName: argocd-repo-server-tls 2085 - name: argocd-dex-server-tls 2086 secret: 2087 items: 2088 - key: tls.crt 2089 path: tls.crt 2090 - key: ca.crt 2091 path: ca.crt 2092 optional: true 2093 secretName: argocd-dex-server-tls 2094 - configMap: 2095 items: 2096 - key: server.profile.enabled 2097 path: profiler.enabled 2098 name: argocd-cmd-params-cm 2099 optional: true 2100 name: argocd-cmd-params-cm 2101 --- 2102 apiVersion: apps/v1 2103 kind: StatefulSet 2104 metadata: 2105 labels: 2106 app.kubernetes.io/component: application-controller 2107 app.kubernetes.io/name: argocd-application-controller 2108 app.kubernetes.io/part-of: argocd 2109 name: argocd-application-controller 2110 spec: 2111 replicas: 1 2112 selector: 2113 matchLabels: 2114 app.kubernetes.io/name: argocd-application-controller 2115 serviceName: argocd-application-controller 2116 template: 2117 metadata: 2118 labels: 2119 app.kubernetes.io/name: argocd-application-controller 2120 spec: 2121 affinity: 2122 podAntiAffinity: 2123 preferredDuringSchedulingIgnoredDuringExecution: 2124 - podAffinityTerm: 2125 labelSelector: 2126 matchLabels: 2127 app.kubernetes.io/name: argocd-application-controller 2128 topologyKey: kubernetes.io/hostname 2129 weight: 100 2130 - podAffinityTerm: 2131 labelSelector: 2132 matchLabels: 2133 app.kubernetes.io/part-of: argocd 2134 topologyKey: kubernetes.io/hostname 2135 weight: 5 2136 containers: 2137 - args: 2138 - /usr/local/bin/argocd-application-controller 2139 env: 2140 - name: REDIS_PASSWORD 2141 valueFrom: 2142 secretKeyRef: 2143 key: auth 2144 name: argocd-redis 2145 - name: ARGOCD_CONTROLLER_REPLICAS 2146 value: "1" 2147 - name: ARGOCD_RECONCILIATION_TIMEOUT 2148 valueFrom: 2149 configMapKeyRef: 2150 key: timeout.reconciliation 2151 name: argocd-cm 2152 optional: true 2153 - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT 2154 valueFrom: 2155 configMapKeyRef: 2156 key: timeout.hard.reconciliation 2157 name: argocd-cm 2158 optional: true 2159 - name: ARGOCD_RECONCILIATION_JITTER 2160 valueFrom: 2161 configMapKeyRef: 2162 key: timeout.reconciliation.jitter 2163 name: argocd-cm 2164 optional: true 2165 - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS 2166 valueFrom: 2167 configMapKeyRef: 2168 key: controller.repo.error.grace.period.seconds 2169 name: argocd-cmd-params-cm 2170 optional: true 2171 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER 2172 valueFrom: 2173 configMapKeyRef: 2174 key: repo.server 2175 name: argocd-cmd-params-cm 2176 optional: true 2177 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS 2178 valueFrom: 2179 configMapKeyRef: 2180 key: controller.repo.server.timeout.seconds 2181 name: argocd-cmd-params-cm 2182 optional: true 2183 - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS 2184 valueFrom: 2185 configMapKeyRef: 2186 key: controller.status.processors 2187 name: argocd-cmd-params-cm 2188 optional: true 2189 - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS 2190 valueFrom: 2191 configMapKeyRef: 2192 key: controller.operation.processors 2193 name: argocd-cmd-params-cm 2194 optional: true 2195 - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT 2196 valueFrom: 2197 configMapKeyRef: 2198 key: controller.log.format 2199 name: argocd-cmd-params-cm 2200 optional: true 2201 - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL 2202 valueFrom: 2203 configMapKeyRef: 2204 key: controller.log.level 2205 name: argocd-cmd-params-cm 2206 optional: true 2207 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 2208 valueFrom: 2209 configMapKeyRef: 2210 key: log.format.timestamp 2211 name: argocd-cmd-params-cm 2212 optional: true 2213 - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION 2214 valueFrom: 2215 configMapKeyRef: 2216 key: controller.metrics.cache.expiration 2217 name: argocd-cmd-params-cm 2218 optional: true 2219 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS 2220 valueFrom: 2221 configMapKeyRef: 2222 key: controller.self.heal.timeout.seconds 2223 name: argocd-cmd-params-cm 2224 optional: true 2225 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS 2226 valueFrom: 2227 configMapKeyRef: 2228 key: controller.self.heal.backoff.timeout.seconds 2229 name: argocd-cmd-params-cm 2230 optional: true 2231 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR 2232 valueFrom: 2233 configMapKeyRef: 2234 key: controller.self.heal.backoff.factor 2235 name: argocd-cmd-params-cm 2236 optional: true 2237 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS 2238 valueFrom: 2239 configMapKeyRef: 2240 key: controller.self.heal.backoff.cap.seconds 2241 name: argocd-cmd-params-cm 2242 optional: true 2243 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS 2244 valueFrom: 2245 configMapKeyRef: 2246 key: controller.self.heal.backoff.cooldown.seconds 2247 name: argocd-cmd-params-cm 2248 optional: true 2249 - name: ARGOCD_SYNC_WAVE_DELAY 2250 valueFrom: 2251 configMapKeyRef: 2252 key: controller.sync.wave.delay.seconds 2253 name: argocd-cmd-params-cm 2254 optional: true 2255 - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT 2256 valueFrom: 2257 configMapKeyRef: 2258 key: controller.sync.timeout.seconds 2259 name: argocd-cmd-params-cm 2260 optional: true 2261 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT 2262 valueFrom: 2263 configMapKeyRef: 2264 key: controller.repo.server.plaintext 2265 name: argocd-cmd-params-cm 2266 optional: true 2267 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS 2268 valueFrom: 2269 configMapKeyRef: 2270 key: controller.repo.server.strict.tls 2271 name: argocd-cmd-params-cm 2272 optional: true 2273 - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH 2274 valueFrom: 2275 configMapKeyRef: 2276 key: controller.resource.health.persist 2277 name: argocd-cmd-params-cm 2278 optional: true 2279 - name: ARGOCD_APP_STATE_CACHE_EXPIRATION 2280 valueFrom: 2281 configMapKeyRef: 2282 key: controller.app.state.cache.expiration 2283 name: argocd-cmd-params-cm 2284 optional: true 2285 - name: REDIS_SERVER 2286 valueFrom: 2287 configMapKeyRef: 2288 key: redis.server 2289 name: argocd-cmd-params-cm 2290 optional: true 2291 - name: REDIS_COMPRESSION 2292 valueFrom: 2293 configMapKeyRef: 2294 key: redis.compression 2295 name: argocd-cmd-params-cm 2296 optional: true 2297 - name: REDISDB 2298 valueFrom: 2299 configMapKeyRef: 2300 key: redis.db 2301 name: argocd-cmd-params-cm 2302 optional: true 2303 - name: ARGOCD_DEFAULT_CACHE_EXPIRATION 2304 valueFrom: 2305 configMapKeyRef: 2306 key: controller.default.cache.expiration 2307 name: argocd-cmd-params-cm 2308 optional: true 2309 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS 2310 valueFrom: 2311 configMapKeyRef: 2312 key: otlp.address 2313 name: argocd-cmd-params-cm 2314 optional: true 2315 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE 2316 valueFrom: 2317 configMapKeyRef: 2318 key: otlp.insecure 2319 name: argocd-cmd-params-cm 2320 optional: true 2321 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS 2322 valueFrom: 2323 configMapKeyRef: 2324 key: otlp.headers 2325 name: argocd-cmd-params-cm 2326 optional: true 2327 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS 2328 valueFrom: 2329 configMapKeyRef: 2330 key: otlp.attrs 2331 name: argocd-cmd-params-cm 2332 optional: true 2333 - name: ARGOCD_APPLICATION_NAMESPACES 2334 valueFrom: 2335 configMapKeyRef: 2336 key: application.namespaces 2337 name: argocd-cmd-params-cm 2338 optional: true 2339 - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM 2340 valueFrom: 2341 configMapKeyRef: 2342 key: controller.sharding.algorithm 2343 name: argocd-cmd-params-cm 2344 optional: true 2345 - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT 2346 valueFrom: 2347 configMapKeyRef: 2348 key: controller.kubectl.parallelism.limit 2349 name: argocd-cmd-params-cm 2350 optional: true 2351 - name: ARGOCD_K8SCLIENT_RETRY_MAX 2352 valueFrom: 2353 configMapKeyRef: 2354 key: controller.k8sclient.retry.max 2355 name: argocd-cmd-params-cm 2356 optional: true 2357 - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF 2358 valueFrom: 2359 configMapKeyRef: 2360 key: controller.k8sclient.retry.base.backoff 2361 name: argocd-cmd-params-cm 2362 optional: true 2363 - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF 2364 valueFrom: 2365 configMapKeyRef: 2366 key: controller.diff.server.side 2367 name: argocd-cmd-params-cm 2368 optional: true 2369 - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT 2370 valueFrom: 2371 configMapKeyRef: 2372 key: controller.ignore.normalizer.jq.timeout 2373 name: argocd-cmd-params-cm 2374 optional: true 2375 - name: ARGOCD_HYDRATOR_ENABLED 2376 valueFrom: 2377 configMapKeyRef: 2378 key: hydrator.enabled 2379 name: argocd-cmd-params-cm 2380 optional: true 2381 - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING 2382 valueFrom: 2383 configMapKeyRef: 2384 key: controller.cluster.cache.batch.events.processing 2385 name: argocd-cmd-params-cm 2386 optional: true 2387 - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL 2388 valueFrom: 2389 configMapKeyRef: 2390 key: controller.cluster.cache.events.processing.interval 2391 name: argocd-cmd-params-cm 2392 optional: true 2393 - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER 2394 valueFrom: 2395 configMapKeyRef: 2396 key: commit.server 2397 name: argocd-cmd-params-cm 2398 optional: true 2399 - name: KUBECACHEDIR 2400 value: /tmp/kubecache 2401 image: quay.io/argoproj/argocd:v3.2.1 2402 imagePullPolicy: Always 2403 name: argocd-application-controller 2404 ports: 2405 - containerPort: 8082 2406 readinessProbe: 2407 httpGet: 2408 path: /healthz 2409 port: 8082 2410 initialDelaySeconds: 5 2411 periodSeconds: 10 2412 securityContext: 2413 allowPrivilegeEscalation: false 2414 capabilities: 2415 drop: 2416 - ALL 2417 readOnlyRootFilesystem: true 2418 runAsNonRoot: true 2419 seccompProfile: 2420 type: RuntimeDefault 2421 volumeMounts: 2422 - mountPath: /app/config/controller/tls 2423 name: argocd-repo-server-tls 2424 - mountPath: /home/argocd 2425 name: argocd-home 2426 - mountPath: /home/argocd/params 2427 name: argocd-cmd-params-cm 2428 - mountPath: /tmp 2429 name: argocd-application-controller-tmp 2430 workingDir: /home/argocd 2431 nodeSelector: 2432 kubernetes.io/os: linux 2433 serviceAccountName: argocd-application-controller 2434 volumes: 2435 - emptyDir: {} 2436 name: argocd-home 2437 - emptyDir: {} 2438 name: argocd-application-controller-tmp 2439 - name: argocd-repo-server-tls 2440 secret: 2441 items: 2442 - key: tls.crt 2443 path: tls.crt 2444 - key: tls.key 2445 path: tls.key 2446 - key: ca.crt 2447 path: ca.crt 2448 optional: true 2449 secretName: argocd-repo-server-tls 2450 - configMap: 2451 items: 2452 - key: controller.profile.enabled 2453 path: profiler.enabled 2454 name: argocd-cmd-params-cm 2455 optional: true 2456 name: argocd-cmd-params-cm 2457 --- 2458 apiVersion: networking.k8s.io/v1 2459 kind: NetworkPolicy 2460 metadata: 2461 labels: 2462 app.kubernetes.io/component: application-controller 2463 app.kubernetes.io/name: argocd-application-controller 2464 app.kubernetes.io/part-of: argocd 2465 name: argocd-application-controller-network-policy 2466 spec: 2467 ingress: 2468 - from: 2469 - namespaceSelector: {} 2470 ports: 2471 - port: 8082 2472 podSelector: 2473 matchLabels: 2474 app.kubernetes.io/name: argocd-application-controller 2475 policyTypes: 2476 - Ingress 2477 --- 2478 apiVersion: networking.k8s.io/v1 2479 kind: NetworkPolicy 2480 metadata: 2481 labels: 2482 app.kubernetes.io/component: applicationset-controller 2483 app.kubernetes.io/name: argocd-applicationset-controller 2484 app.kubernetes.io/part-of: argocd 2485 name: argocd-applicationset-controller-network-policy 2486 spec: 2487 ingress: 2488 - from: 2489 - namespaceSelector: {} 2490 ports: 2491 - port: 7000 2492 protocol: TCP 2493 - port: 8080 2494 protocol: TCP 2495 podSelector: 2496 matchLabels: 2497 app.kubernetes.io/name: argocd-applicationset-controller 2498 policyTypes: 2499 - Ingress 2500 --- 2501 apiVersion: networking.k8s.io/v1 2502 kind: NetworkPolicy 2503 metadata: 2504 labels: 2505 app.kubernetes.io/component: dex-server 2506 app.kubernetes.io/name: argocd-dex-server 2507 app.kubernetes.io/part-of: argocd 2508 name: argocd-dex-server-network-policy 2509 spec: 2510 ingress: 2511 - from: 2512 - podSelector: 2513 matchLabels: 2514 app.kubernetes.io/name: argocd-server 2515 ports: 2516 - port: 5556 2517 protocol: TCP 2518 - port: 5557 2519 protocol: TCP 2520 - from: 2521 - namespaceSelector: {} 2522 ports: 2523 - port: 5558 2524 protocol: TCP 2525 podSelector: 2526 matchLabels: 2527 app.kubernetes.io/name: argocd-dex-server 2528 policyTypes: 2529 - Ingress 2530 --- 2531 apiVersion: networking.k8s.io/v1 2532 kind: NetworkPolicy 2533 metadata: 2534 labels: 2535 app.kubernetes.io/component: notifications-controller 2536 app.kubernetes.io/name: argocd-notifications-controller 2537 app.kubernetes.io/part-of: argocd 2538 name: argocd-notifications-controller-network-policy 2539 spec: 2540 ingress: 2541 - from: 2542 - namespaceSelector: {} 2543 ports: 2544 - port: 9001 2545 protocol: TCP 2546 podSelector: 2547 matchLabels: 2548 app.kubernetes.io/name: argocd-notifications-controller 2549 policyTypes: 2550 - Ingress 2551 --- 2552 apiVersion: networking.k8s.io/v1 2553 kind: NetworkPolicy 2554 metadata: 2555 labels: 2556 app.kubernetes.io/component: redis 2557 app.kubernetes.io/name: argocd-redis 2558 app.kubernetes.io/part-of: argocd 2559 name: argocd-redis-network-policy 2560 spec: 2561 ingress: 2562 - from: 2563 - podSelector: 2564 matchLabels: 2565 app.kubernetes.io/name: argocd-server 2566 - podSelector: 2567 matchLabels: 2568 app.kubernetes.io/name: argocd-repo-server 2569 - podSelector: 2570 matchLabels: 2571 app.kubernetes.io/name: argocd-application-controller 2572 ports: 2573 - port: 6379 2574 protocol: TCP 2575 podSelector: 2576 matchLabels: 2577 app.kubernetes.io/name: argocd-redis 2578 policyTypes: 2579 - Ingress 2580 --- 2581 apiVersion: networking.k8s.io/v1 2582 kind: NetworkPolicy 2583 metadata: 2584 labels: 2585 app.kubernetes.io/component: repo-server 2586 app.kubernetes.io/name: argocd-repo-server 2587 app.kubernetes.io/part-of: argocd 2588 name: argocd-repo-server-network-policy 2589 spec: 2590 ingress: 2591 - from: 2592 - podSelector: 2593 matchLabels: 2594 app.kubernetes.io/name: argocd-server 2595 - podSelector: 2596 matchLabels: 2597 app.kubernetes.io/name: argocd-application-controller 2598 - podSelector: 2599 matchLabels: 2600 app.kubernetes.io/name: argocd-notifications-controller 2601 - podSelector: 2602 matchLabels: 2603 app.kubernetes.io/name: argocd-applicationset-controller 2604 ports: 2605 - port: 8081 2606 protocol: TCP 2607 - from: 2608 - namespaceSelector: {} 2609 ports: 2610 - port: 8084 2611 podSelector: 2612 matchLabels: 2613 app.kubernetes.io/name: argocd-repo-server 2614 policyTypes: 2615 - Ingress 2616 --- 2617 apiVersion: networking.k8s.io/v1 2618 kind: NetworkPolicy 2619 metadata: 2620 labels: 2621 app.kubernetes.io/component: server 2622 app.kubernetes.io/name: argocd-server 2623 app.kubernetes.io/part-of: argocd 2624 name: argocd-server-network-policy 2625 spec: 2626 ingress: 2627 - {} 2628 podSelector: 2629 matchLabels: 2630 app.kubernetes.io/name: argocd-server 2631 policyTypes: 2632 - Ingress