diff --git a/k8s-peterg/argocd-diff/install.yaml b/k8s-peterg/argocd-diff/install.yaml deleted file mode 100644 index 1e5a624..0000000 --- a/k8s-peterg/argocd-diff/install.yaml +++ /dev/null @@ -1,2809 +0,0 @@ -# This is an auto-generated file. DO NOT EDIT -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - applications - - applicationsets - - appprojects - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list -- apiGroups: - - apps - resources: - - deployments - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -rules: -- apiGroups: - - argoproj.io - resources: - - applications - - applicationsets - - applicationsets/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - argoproj.io - resources: - - appprojects - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - applicationsets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - 58ac56fa.applicationsets.argoproj.io - resources: - - leases - verbs: - - get - - update - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller -rules: -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - argocd-notifications-cm - resources: - - configmaps - verbs: - - get -- apiGroups: - - "" - resourceNames: - - argocd-notifications-secret - resources: - - secrets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -rules: -- apiGroups: - - "" - resourceNames: - - argocd-redis - resources: - - secrets - verbs: - - get -- apiGroups: - - "" - resources: - - secrets - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - applicationsets - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-application-controller -subjects: -- kind: ServiceAccount - name: argocd-application-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-applicationset-controller -subjects: -- kind: ServiceAccount - name: argocd-applicationset-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-dex-server -subjects: -- kind: ServiceAccount - name: argocd-dex-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-notifications-controller -subjects: -- kind: ServiceAccount - name: argocd-notifications-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-server -subjects: -- kind: ServiceAccount - name: argocd-server ---- -apiVersion: v1 -data: - resource.customizations.ignoreResourceUpdates.ConfigMap: | - jqPathExpressions: - # Ignore the cluster-autoscaler status - - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"' - # Ignore the annotation of the legacy Leases election - - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"' - resource.customizations.ignoreResourceUpdates.Endpoints: | - jsonPointers: - - /metadata - - /subsets - resource.customizations.ignoreResourceUpdates.all: | - jsonPointers: - - /status - resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | - jqPathExpressions: - - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"' - - '.metadata.annotations."deployment.kubernetes.io/max-replicas"' - - '.metadata.annotations."rollout.argoproj.io/desired-replicas"' - resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | - jqPathExpressions: - - '.metadata.annotations."notified.notifications.argoproj.io"' - - '.metadata.annotations."argocd.argoproj.io/refresh"' - - '.metadata.annotations."argocd.argoproj.io/hydrate"' - - '.operation' - resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | - jqPathExpressions: - - '.metadata.annotations."notified.notifications.argoproj.io"' - resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | - jqPathExpressions: - - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' - - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' - - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' - - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' - resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | - jsonPointers: - - /metadata - - /endpoints - - /ports - resource.exclusions: | - ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter - - apiGroups: - - '' - - discovery.k8s.io - kinds: - - Endpoints - - EndpointSlice - ### Internal Kubernetes resources excluded reduce the number of watched events - - apiGroups: - - coordination.k8s.io - kinds: - - Lease - ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events - - apiGroups: - - authentication.k8s.io - - authorization.k8s.io - kinds: - - SelfSubjectReview - - TokenReview - - LocalSubjectAccessReview - - SelfSubjectAccessReview - - SelfSubjectRulesReview - - SubjectAccessReview - ### Intermediate Certificate Request excluded reduce the number of watched events - - apiGroups: - - certificates.k8s.io - kinds: - - CertificateSigningRequest - - apiGroups: - - cert-manager.io - kinds: - - CertificateRequest - ### Cilium internal resources excluded reduce the number of watched events and UI Clutter - - apiGroups: - - cilium.io - kinds: - - CiliumIdentity - - CiliumEndpoint - - CiliumEndpointSlice - ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance - - apiGroups: - - kyverno.io - - reports.kyverno.io - - wgpolicyk8s.io - kinds: - - PolicyReport - - ClusterPolicyReport - - EphemeralReport - - ClusterEphemeralReport - - AdmissionReport - - ClusterAdmissionReport - - BackgroundScanReport - - ClusterBackgroundScanReport - - UpdateRequest -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-cm - app.kubernetes.io/part-of: argocd - name: argocd-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-cmd-params-cm - app.kubernetes.io/part-of: argocd - name: argocd-cmd-params-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-gpg-keys-cm - app.kubernetes.io/part-of: argocd - name: argocd-gpg-keys-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-rbac-cm - app.kubernetes.io/part-of: argocd - name: argocd-rbac-cm ---- -apiVersion: v1 -data: - ssh_known_hosts: | - # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT - [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= - bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= - bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-ssh-known-hosts-cm - app.kubernetes.io/part-of: argocd - name: argocd-ssh-known-hosts-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-tls-certs-cm - app.kubernetes.io/part-of: argocd - name: argocd-tls-certs-cm ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-secret -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/name: argocd-secret - app.kubernetes.io/part-of: argocd - name: argocd-secret -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -spec: - ports: - - name: webhook - port: 7000 - protocol: TCP - targetPort: webhook - - name: metrics - port: 8080 - protocol: TCP - targetPort: metrics - selector: - app.kubernetes.io/name: argocd-applicationset-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -spec: - ports: - - appProtocol: TCP - name: http - port: 5556 - protocol: TCP - targetPort: 5556 - - name: grpc - port: 5557 - protocol: TCP - targetPort: 5557 - - name: metrics - port: 5558 - protocol: TCP - targetPort: 5558 - selector: - app.kubernetes.io/name: argocd-dex-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: metrics - app.kubernetes.io/name: argocd-metrics - app.kubernetes.io/part-of: argocd - name: argocd-metrics -spec: - ports: - - name: metrics - port: 8082 - protocol: TCP - targetPort: 8082 - selector: - app.kubernetes.io/name: argocd-application-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller-metrics - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller-metrics -spec: - ports: - - name: metrics - port: 9001 - protocol: TCP - targetPort: 9001 - selector: - app.kubernetes.io/name: argocd-notifications-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -spec: - ports: - - name: tcp-redis - port: 6379 - targetPort: 6379 - selector: - app.kubernetes.io/name: argocd-redis ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server -spec: - ports: - - name: server - port: 8081 - protocol: TCP - targetPort: 8081 - - name: metrics - port: 8084 - protocol: TCP - targetPort: 8084 - selector: - app.kubernetes.io/name: argocd-repo-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: https - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app.kubernetes.io/name: argocd-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server-metrics - app.kubernetes.io/part-of: argocd - name: argocd-server-metrics -spec: - ports: - - name: metrics - port: 8083 - protocol: TCP - targetPort: 8083 - selector: - app.kubernetes.io/name: argocd-server ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-applicationset-controller - template: - metadata: - labels: - app.kubernetes.io/name: argocd-applicationset-controller - spec: - containers: - - args: - - /usr/local/bin/argocd-applicationset-controller - env: - - name: GRPC_ENABLE_TXT_SERVICE_CONFIG - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.grpc.enable.txt.service.config - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.global.preserved.annotations - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.global.preserved.labels - name: argocd-cmd-params-cm - optional: true - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.leader.election - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.policy - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.policy.override - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.debug - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_LOG_FORMAT_TIMESTAMP - valueFrom: - configMapKeyRef: - key: log.format.timestamp - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_QPS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.k8s.client.qps - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_BURST - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.k8s.client.burst - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.k8s.client.max.idle.connections - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_TIMEOUT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.k8s.tcp.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_KEEPALIVE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.k8s.tcp.keepalive - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.k8s.tls.handshake.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_IDLE_TIMEOUT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.k8s.tcp.idle.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.dryrun - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_GIT_MODULES_ENABLED - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.git.submodule - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.progressive.syncs - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.tokenref.strict.mode - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.repo.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.concurrent.reconciliations.max - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespaces - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.scm.root.ca.path - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.allowed.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.github.api.metrics - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.requeue.after - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_MAX_RESOURCES_STATUS_COUNT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.status.max.resources.count - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:v3.4.3 - imagePullPolicy: Always - name: argocd-applicationset-controller - ports: - - containerPort: 7000 - name: webhook - - containerPort: 8080 - name: metrics - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/gpg/source - name: gpg-keys - - mountPath: /app/config/gpg/keys - name: gpg-keyring - - mountPath: /tmp - name: tmp - - mountPath: /app/config/reposerver/tls - name: argocd-repo-server-tls - - mountPath: /home/argocd/params - name: argocd-cmd-params-cm - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: argocd-applicationset-controller - volumes: - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - configMap: - name: argocd-gpg-keys-cm - name: gpg-keys - - emptyDir: {} - name: gpg-keyring - - emptyDir: {} - name: tmp - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - configMap: - items: - - key: applicationsetcontroller.profile.enabled - path: profiler.enabled - name: argocd-cmd-params-cm - optional: true - name: argocd-cmd-params-cm ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-dex-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-dex-server - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - command: - - /shared/argocd-dex - - rundex - env: - - name: ARGOCD_DEX_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: dexserver.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEX_SERVER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: dexserver.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_LOG_FORMAT_TIMESTAMP - valueFrom: - configMapKeyRef: - key: log.format.timestamp - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEX_SERVER_DISABLE_TLS - valueFrom: - configMapKeyRef: - key: dexserver.disable.tls - name: argocd-cmd-params-cm - optional: true - - name: DEX_CONTINUE_ON_CONNECTOR_FAILURE - valueFrom: - configMapKeyRef: - key: dexserver.connector.failure.continue - name: argocd-cmd-params-cm - optional: true - image: ghcr.io/dexidp/dex:v2.45.0 - imagePullPolicy: Always - name: dex - ports: - - containerPort: 5556 - - containerPort: 5557 - - containerPort: 5558 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /shared - name: static-files - - mountPath: /tmp - name: dexconfig - - mountPath: /tls - name: argocd-dex-server-tls - initContainers: - - command: - - /bin/cp - - -n - - /usr/local/bin/argocd - - /shared/argocd-dex - image: quay.io/argoproj/argocd:v3.4.3 - imagePullPolicy: Always - name: copyutil - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /shared - name: static-files - - mountPath: /tmp - name: dexconfig - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: argocd-dex-server - volumes: - - emptyDir: {} - name: static-files - - emptyDir: {} - name: dexconfig - - name: argocd-dex-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-dex-server-tls ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-notifications-controller - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: argocd-notifications-controller - spec: - containers: - - args: - - /usr/local/bin/argocd-notifications - env: - - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: notificationscontroller.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: notificationscontroller.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_NOTIFICATION_CONTROLLER_PROCESSORS_COUNT - valueFrom: - configMapKeyRef: - key: notificationscontroller.processors.count - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_LOG_FORMAT_TIMESTAMP - valueFrom: - configMapKeyRef: - key: log.format.timestamp - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - key: application.namespaces - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED - valueFrom: - configMapKeyRef: - key: notificationscontroller.selfservice.enabled - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: notificationscontroller.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:v3.4.3 - imagePullPolicy: Always - livenessProbe: - tcpSocket: - port: 9001 - name: argocd-notifications-controller - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/reposerver/tls - name: argocd-repo-server-tls - workingDir: /app - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: argocd-notifications-controller - volumes: - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-redis - template: - metadata: - labels: - app.kubernetes.io/name: argocd-redis - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - --save - - "" - - --appendonly - - "no" - - --requirepass $(REDIS_PASSWORD) - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: auth - name: argocd-redis - image: public.ecr.aws/docker/library/redis:8.2.3-alpine - imagePullPolicy: Always - name: redis - ports: - - containerPort: 6379 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - initContainers: - - command: - - argocd - - admin - - redis-initial-password - image: quay.io/argoproj/argocd:v3.4.3 - imagePullPolicy: IfNotPresent - name: secret-init - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 999 - seccompProfile: - type: RuntimeDefault - serviceAccountName: argocd-redis ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-repo-server - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - automountServiceAccountToken: false - containers: - - args: - - /usr/local/bin/argocd-repo-server - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: auth - name: argocd-redis - - name: GRPC_ENABLE_TXT_SERVICE_CONFIG - valueFrom: - configMapKeyRef: - key: reposerver.grpc.enable.txt.service.config - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true - - name: ARGOCD_REPO_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: reposerver.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: reposerver.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_LOG_FORMAT_TIMESTAMP - valueFrom: - configMapKeyRef: - key: log.format.timestamp - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: reposerver.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: reposerver.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS - valueFrom: - configMapKeyRef: - key: reposerver.metrics.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_DISABLE_TLS - valueFrom: - configMapKeyRef: - key: reposerver.disable.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MIN_VERSION - valueFrom: - configMapKeyRef: - key: reposerver.tls.minversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MAX_VERSION - valueFrom: - configMapKeyRef: - key: reposerver.tls.maxversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_CIPHERS - valueFrom: - configMapKeyRef: - key: reposerver.tls.ciphers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: reposerver.repo.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - key: redis.compression - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: reposerver.default.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - key: otlp.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_OTLP_INSECURE - valueFrom: - configMapKeyRef: - key: otlp.insecure - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_OTLP_HEADERS - valueFrom: - configMapKeyRef: - key: otlp.headers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_OTLP_ATTRS - valueFrom: - configMapKeyRef: - key: otlp.attrs - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.max.combined.directory.manifests.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS - valueFrom: - configMapKeyRef: - key: reposerver.plugin.tar.exclusions - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS - valueFrom: - configMapKeyRef: - key: reposerver.plugin.use.manifest.generate.paths - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS - valueFrom: - configMapKeyRef: - key: reposerver.allow.oob.symlinks - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.streamed.manifest.max.tar.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.streamed.manifest.max.extracted.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.helm.manifest.max.extracted.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.disable.helm.manifest.max.extracted.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.oci.manifest.max.extracted.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE - valueFrom: - configMapKeyRef: - key: reposerver.disable.oci.manifest.max.extracted.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES - valueFrom: - configMapKeyRef: - key: reposerver.oci.layer.media.types - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT - valueFrom: - configMapKeyRef: - key: reposerver.revision.cache.lock.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_GIT_MODULES_ENABLED - valueFrom: - configMapKeyRef: - key: reposerver.enable.git.submodule - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: reposerver.git.lsremote.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_GIT_REQUEST_TIMEOUT - valueFrom: - configMapKeyRef: - key: reposerver.git.request.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_ENABLE_BUILTIN_GIT_CONFIG - valueFrom: - configMapKeyRef: - key: reposerver.enable.builtin.git.config - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES - valueFrom: - configMapKeyRef: - key: reposerver.include.hidden.directories - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_HELM_USER_AGENT - valueFrom: - configMapKeyRef: - key: reposerver.helm.user.agent - name: argocd-cmd-params-cm - optional: true - - name: HELM_CACHE_HOME - value: /helm-working-dir - - name: HELM_CONFIG_HOME - value: /helm-working-dir - - name: HELM_DATA_HOME - value: /helm-working-dir - image: quay.io/argoproj/argocd:v3.4.3 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz?full=true - port: 8084 - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - name: argocd-repo-server - ports: - - containerPort: 8081 - - containerPort: 8084 - readinessProbe: - httpGet: - path: /healthz - port: 8084 - initialDelaySeconds: 5 - periodSeconds: 10 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/gpg/source - name: gpg-keys - - mountPath: /app/config/gpg/keys - name: gpg-keyring - - mountPath: /app/config/reposerver/tls - name: argocd-repo-server-tls - - mountPath: /tmp - name: tmp - - mountPath: /helm-working-dir - name: helm-working-dir - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - initContainers: - - args: - - /bin/cp /usr/local/bin/argocd /var/run/argocd/argocd && /bin/ln -sf /var/run/argocd/argocd - /var/run/argocd/argocd-cmp-server - command: - - sh - - -c - image: quay.io/argoproj/argocd:v3.4.3 - name: copyutil - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/run/argocd - name: var-files - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: argocd-repo-server - volumes: - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - configMap: - name: argocd-gpg-keys-cm - name: gpg-keys - - emptyDir: {} - name: gpg-keyring - - emptyDir: {} - name: tmp - - emptyDir: {} - name: helm-working-dir - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - emptyDir: {} - name: var-files - - emptyDir: {} - name: plugins - - configMap: - items: - - key: reposerver.profile.enabled - path: profiler.enabled - name: argocd-cmd-params-cm - optional: true - name: argocd-cmd-params-cm ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-server - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - /usr/local/bin/argocd-server - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: auth - name: argocd-redis - - name: GRPC_ENABLE_TXT_SERVICE_CONFIG - valueFrom: - configMapKeyRef: - key: server.grpc.enable.txt.service.config - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_INSECURE - valueFrom: - configMapKeyRef: - key: server.insecure - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_BASEHREF - valueFrom: - configMapKeyRef: - key: server.basehref - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_ROOTPATH - valueFrom: - configMapKeyRef: - key: server.rootpath - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: server.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_LOG_LEVEL - valueFrom: - configMapKeyRef: - key: server.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_QPS - valueFrom: - configMapKeyRef: - key: server.k8s.client.qps - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_BURST - valueFrom: - configMapKeyRef: - key: server.k8s.client.burst - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS - valueFrom: - configMapKeyRef: - key: server.k8s.client.max.idle.connections - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_TIMEOUT - valueFrom: - configMapKeyRef: - key: server.k8s.tcp.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_KEEPALIVE - valueFrom: - configMapKeyRef: - key: server.k8s.tcp.keepalive - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT - valueFrom: - configMapKeyRef: - key: server.k8s.tls.handshake.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_IDLE_TIMEOUT - valueFrom: - configMapKeyRef: - key: server.k8s.tcp.idle.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DEX_SERVER - valueFrom: - configMapKeyRef: - key: server.dex.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DISABLE_AUTH - valueFrom: - configMapKeyRef: - key: server.disable.auth - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_ENABLE_GZIP - valueFrom: - configMapKeyRef: - key: server.enable.gzip - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: server.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_X_FRAME_OPTIONS - valueFrom: - configMapKeyRef: - key: server.x.frame.options - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY - valueFrom: - configMapKeyRef: - key: server.content.security.policy - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: server.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: server.repo.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: server.dex.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: server.dex.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MIN_VERSION - valueFrom: - configMapKeyRef: - key: server.tls.minversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_MAX_VERSION - valueFrom: - configMapKeyRef: - key: server.tls.maxversion - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_TLS_CIPHERS - valueFrom: - configMapKeyRef: - key: server.tls.ciphers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.connection.status.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.oidc.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_STATIC_ASSETS - valueFrom: - configMapKeyRef: - key: server.staticassets - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APP_STATE_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.app.state.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - key: redis.compression - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: server.default.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_MAX_COOKIE_NUMBER - valueFrom: - configMapKeyRef: - key: server.http.cookie.maxnumber - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: server.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: server.metrics.listen.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - key: otlp.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_OTLP_INSECURE - valueFrom: - configMapKeyRef: - key: otlp.insecure - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_OTLP_HEADERS - valueFrom: - configMapKeyRef: - key: otlp.headers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_OTLP_ATTRS - valueFrom: - configMapKeyRef: - key: otlp.attrs - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - key: application.namespaces - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION - valueFrom: - configMapKeyRef: - key: server.enable.proxy.extension - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_MAX - valueFrom: - configMapKeyRef: - key: server.k8sclient.retry.max - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF - valueFrom: - configMapKeyRef: - key: server.k8sclient.retry.base.backoff - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_API_CONTENT_TYPES - valueFrom: - configMapKeyRef: - key: server.api.content.types - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: server.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.scm.root.ca.path - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.allowed.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.github.api.metrics - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_HYDRATOR_ENABLED - valueFrom: - configMapKeyRef: - key: hydrator.enabled - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED - valueFrom: - configMapKeyRef: - key: server.sync.replace.allowed - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:v3.4.3 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz?full=true - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - timeoutSeconds: 5 - name: argocd-server - ports: - - containerPort: 8080 - - containerPort: 8083 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - - mountPath: /app/config/server/tls - name: argocd-repo-server-tls - - mountPath: /app/config/dex/tls - name: argocd-dex-server-tls - - mountPath: /home/argocd - name: plugins-home - - mountPath: /tmp - name: tmp - - mountPath: /home/argocd/params - name: argocd-cmd-params-cm - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: argocd-server - volumes: - - emptyDir: {} - name: plugins-home - - emptyDir: {} - name: tmp - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - name: argocd-dex-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-dex-server-tls - - configMap: - items: - - key: server.profile.enabled - path: profiler.enabled - name: argocd-cmd-params-cm - optional: true - name: argocd-cmd-params-cm ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - serviceName: argocd-application-controller - template: - metadata: - labels: - app.kubernetes.io/name: argocd-application-controller - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - /usr/local/bin/argocd-application-controller - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: auth - name: argocd-redis - - name: GRPC_ENABLE_TXT_SERVICE_CONFIG - valueFrom: - configMapKeyRef: - key: controller.grpc.enable.txt.service.config - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_CONTROLLER_REPLICAS - value: "1" - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true - - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.hard.reconciliation - name: argocd-cm - optional: true - - name: ARGOCD_RECONCILIATION_JITTER - valueFrom: - configMapKeyRef: - key: timeout.reconciliation.jitter - name: argocd-cm - optional: true - - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS - valueFrom: - configMapKeyRef: - key: controller.repo.error.grace.period.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: controller.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS - valueFrom: - configMapKeyRef: - key: controller.status.processors - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS - valueFrom: - configMapKeyRef: - key: controller.operation.processors - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: controller.log.format - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL - valueFrom: - configMapKeyRef: - key: controller.log.level - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_LOG_FORMAT_TIMESTAMP - valueFrom: - configMapKeyRef: - key: log.format.timestamp - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_QPS - valueFrom: - configMapKeyRef: - key: controller.k8s.client.qps - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_BURST - valueFrom: - configMapKeyRef: - key: controller.k8s.client.burst - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS - valueFrom: - configMapKeyRef: - key: controller.k8s.client.max.idle.connections - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_TIMEOUT - valueFrom: - configMapKeyRef: - key: controller.k8s.tcp.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_KEEPALIVE - valueFrom: - configMapKeyRef: - key: controller.k8s.tcp.keepalive - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT - valueFrom: - configMapKeyRef: - key: controller.k8s.tls.handshake.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8S_TCP_IDLE_TIMEOUT - valueFrom: - configMapKeyRef: - key: controller.k8s.tcp.idle.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: controller.metrics.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: controller.self.heal.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: controller.self.heal.backoff.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR - valueFrom: - configMapKeyRef: - key: controller.self.heal.backoff.factor - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS - valueFrom: - configMapKeyRef: - key: controller.self.heal.backoff.cap.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS - valueFrom: - configMapKeyRef: - key: controller.self.heal.backoff.cooldown.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_SYNC_WAVE_DELAY - valueFrom: - configMapKeyRef: - key: controller.sync.wave.delay.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT - valueFrom: - configMapKeyRef: - key: controller.sync.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: controller.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - key: controller.repo.server.strict.tls - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH - valueFrom: - configMapKeyRef: - key: controller.resource.health.persist - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APP_STATE_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: controller.app.state.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - key: redis.compression - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - key: controller.default.cache.expiration - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - key: otlp.address - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE - valueFrom: - configMapKeyRef: - key: otlp.insecure - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS - valueFrom: - configMapKeyRef: - key: otlp.headers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS - valueFrom: - configMapKeyRef: - key: otlp.attrs - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - key: application.namespaces - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM - valueFrom: - configMapKeyRef: - key: controller.sharding.algorithm - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: controller.kubectl.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_MAX - valueFrom: - configMapKeyRef: - key: controller.k8sclient.retry.max - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF - valueFrom: - configMapKeyRef: - key: controller.k8sclient.retry.base.backoff - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF - valueFrom: - configMapKeyRef: - key: controller.diff.server.side - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT - valueFrom: - configMapKeyRef: - key: controller.ignore.normalizer.jq.timeout - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_HYDRATOR_ENABLED - valueFrom: - configMapKeyRef: - key: hydrator.enabled - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING - valueFrom: - configMapKeyRef: - key: controller.cluster.cache.batch.events.processing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL - valueFrom: - configMapKeyRef: - key: controller.cluster.cache.events.processing.interval - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER - valueFrom: - configMapKeyRef: - key: commit.server - name: argocd-cmd-params-cm - optional: true - - name: KUBECACHEDIR - value: /tmp/kubecache - image: quay.io/argoproj/argocd:v3.4.3 - imagePullPolicy: Always - name: argocd-application-controller - ports: - - containerPort: 8082 - readinessProbe: - httpGet: - path: /healthz - port: 8082 - initialDelaySeconds: 5 - periodSeconds: 10 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/controller/tls - name: argocd-repo-server-tls - - mountPath: /home/argocd - name: argocd-home - - mountPath: /home/argocd/params - name: argocd-cmd-params-cm - - mountPath: /tmp - name: argocd-application-controller-tmp - workingDir: /home/argocd - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: argocd-application-controller - volumes: - - emptyDir: {} - name: argocd-home - - emptyDir: {} - name: argocd-application-controller-tmp - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - configMap: - items: - - key: controller.profile.enabled - path: profiler.enabled - name: argocd-cmd-params-cm - optional: true - name: argocd-cmd-params-cm ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8082 - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: applicationset-controller - app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd - name: argocd-applicationset-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 7000 - protocol: TCP - - port: 8080 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-applicationset-controller - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server-network-policy -spec: - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - ports: - - port: 5556 - protocol: TCP - - port: 5557 - protocol: TCP - - from: - - namespaceSelector: {} - ports: - - port: 5558 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-dex-server - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: notifications-controller - app.kubernetes.io/name: argocd-notifications-controller - app.kubernetes.io/part-of: argocd - name: argocd-notifications-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 9001 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-notifications-controller - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis-network-policy -spec: - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - ports: - - port: 6379 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server-network-policy -spec: - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-notifications-controller - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-applicationset-controller - ports: - - port: 8081 - protocol: TCP - - from: - - namespaceSelector: {} - ports: - - port: 8084 - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server-network-policy -spec: - ingress: - - {} - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - policyTypes: - - Ingress diff --git a/k8s-peterg/argocd-diff/kustomization.yaml b/k8s-peterg/argocd-diff/kustomization.yaml deleted file mode 100644 index 5c319f3..0000000 --- a/k8s-peterg/argocd-diff/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - install.yaml - - repository.yaml - - namespace.yaml - -namespace: argocd-diff - -configMapGenerator: - - name: argocd-cmd-params-cm - behavior: replace - literals: - - server.insecure=true - - reposerver.enable.git.submodule=false - - name: argocd-cm - behavior: merge - literals: - - kustomize.buildOptions=--enable-helm diff --git a/k8s-peterg/argocd-diff/namespace.yaml b/k8s-peterg/argocd-diff/namespace.yaml deleted file mode 100644 index 699d487..0000000 --- a/k8s-peterg/argocd-diff/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: argocd-diff diff --git a/k8s-peterg/argocd-diff/repository.yaml b/k8s-peterg/argocd-diff/repository.yaml deleted file mode 100644 index cb5ec46..0000000 --- a/k8s-peterg/argocd-diff/repository.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: argocd-private-repo - namespace: argocd - annotations: - managed-by: argocd.argoproj.io - labels: - argocd.argoproj.io/secret-type: repository -stringData: - type: git - url: https://code.peterg.nl/wheatley/kubernetes.git diff --git a/k8s-peterg/argocd/applications-peterg.yaml b/k8s-peterg/argocd/applications-peterg.yaml index f1483bd..65805fb 100644 --- a/k8s-peterg/argocd/applications-peterg.yaml +++ b/k8s-peterg/argocd/applications-peterg.yaml @@ -22,27 +22,6 @@ spec: --- apiVersion: argoproj.io/v1alpha1 kind: Application -metadata: - name: argocd-diff - namespace: argocd -spec: - project: default - source: - repoURL: https://code.peterg.nl/wheatley/kubernetes.git - path: k8s-peterg/argocd-diff - targetRevision: HEAD - destination: - server: https://kubernetes.default.svc - namespace: argocd-diff - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - ServerSideApply=true ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application metadata: name: cilium-peterg namespace: argocd