1
# This is an auto-generated file. DO NOT EDIT
6
app.kubernetes.io/component: application-controller
7
app.kubernetes.io/name: argocd-application-controller
8
app.kubernetes.io/part-of: argocd
9
name: argocd-application-controller
15
app.kubernetes.io/component: applicationset-controller
16
app.kubernetes.io/name: argocd-applicationset-controller
17
app.kubernetes.io/part-of: argocd
18
name: argocd-applicationset-controller
24
app.kubernetes.io/component: dex-server
25
app.kubernetes.io/name: argocd-dex-server
26
app.kubernetes.io/part-of: argocd
27
name: argocd-dex-server
33
app.kubernetes.io/component: notifications-controller
34
app.kubernetes.io/name: argocd-notifications-controller
35
app.kubernetes.io/part-of: argocd
36
name: argocd-notifications-controller
42
app.kubernetes.io/component: redis
43
app.kubernetes.io/name: argocd-redis-ha
44
app.kubernetes.io/part-of: argocd
51
app.kubernetes.io/component: redis
52
app.kubernetes.io/name: argocd-redis-ha-haproxy
53
app.kubernetes.io/part-of: argocd
54
name: argocd-redis-ha-haproxy
60
app.kubernetes.io/component: repo-server
61
app.kubernetes.io/name: argocd-repo-server
62
app.kubernetes.io/part-of: argocd
63
name: argocd-repo-server
69
app.kubernetes.io/component: server
70
app.kubernetes.io/name: argocd-server
71
app.kubernetes.io/part-of: argocd
74
apiVersion: rbac.authorization.k8s.io/v1
78
app.kubernetes.io/component: application-controller
79
app.kubernetes.io/name: argocd-application-controller
80
app.kubernetes.io/part-of: argocd
81
name: argocd-application-controller
121
apiVersion: rbac.authorization.k8s.io/v1
125
app.kubernetes.io/component: applicationset-controller
126
app.kubernetes.io/name: argocd-applicationset-controller
127
app.kubernetes.io/part-of: argocd
128
name: argocd-applicationset-controller
135
- applicationsets/finalizers
153
- applicationsets/status
187
apiVersion: rbac.authorization.k8s.io/v1
191
app.kubernetes.io/component: dex-server
192
app.kubernetes.io/name: argocd-dex-server
193
app.kubernetes.io/part-of: argocd
194
name: argocd-dex-server
206
apiVersion: rbac.authorization.k8s.io/v1
210
app.kubernetes.io/component: notifications-controller
211
app.kubernetes.io/name: argocd-notifications-controller
212
app.kubernetes.io/part-of: argocd
213
name: argocd-notifications-controller
237
- argocd-notifications-cm
245
- argocd-notifications-secret
251
apiVersion: rbac.authorization.k8s.io/v1
255
app.kubernetes.io/component: redis
256
app.kubernetes.io/name: argocd-redis-ha
257
app.kubernetes.io/part-of: argocd
258
name: argocd-redis-ha
267
apiVersion: rbac.authorization.k8s.io/v1
271
app.kubernetes.io/component: redis
272
app.kubernetes.io/name: argocd-redis-ha
273
app.kubernetes.io/part-of: argocd
274
name: argocd-redis-ha-haproxy
283
apiVersion: rbac.authorization.k8s.io/v1
287
app.kubernetes.io/component: server
288
app.kubernetes.io/name: argocd-server
289
app.kubernetes.io/part-of: argocd
327
apiVersion: rbac.authorization.k8s.io/v1
331
app.kubernetes.io/component: application-controller
332
app.kubernetes.io/name: argocd-application-controller
333
app.kubernetes.io/part-of: argocd
334
name: argocd-application-controller
336
apiGroup: rbac.authorization.k8s.io
338
name: argocd-application-controller
340
- kind: ServiceAccount
341
name: argocd-application-controller
343
apiVersion: rbac.authorization.k8s.io/v1
347
app.kubernetes.io/component: applicationset-controller
348
app.kubernetes.io/name: argocd-applicationset-controller
349
app.kubernetes.io/part-of: argocd
350
name: argocd-applicationset-controller
352
apiGroup: rbac.authorization.k8s.io
354
name: argocd-applicationset-controller
356
- kind: ServiceAccount
357
name: argocd-applicationset-controller
359
apiVersion: rbac.authorization.k8s.io/v1
363
app.kubernetes.io/component: dex-server
364
app.kubernetes.io/name: argocd-dex-server
365
app.kubernetes.io/part-of: argocd
366
name: argocd-dex-server
368
apiGroup: rbac.authorization.k8s.io
370
name: argocd-dex-server
372
- kind: ServiceAccount
373
name: argocd-dex-server
375
apiVersion: rbac.authorization.k8s.io/v1
379
app.kubernetes.io/component: notifications-controller
380
app.kubernetes.io/name: argocd-notifications-controller
381
app.kubernetes.io/part-of: argocd
382
name: argocd-notifications-controller
384
apiGroup: rbac.authorization.k8s.io
386
name: argocd-notifications-controller
388
- kind: ServiceAccount
389
name: argocd-notifications-controller
391
apiVersion: rbac.authorization.k8s.io/v1
395
app.kubernetes.io/component: redis
396
app.kubernetes.io/name: argocd-redis-ha
397
app.kubernetes.io/part-of: argocd
398
name: argocd-redis-ha
400
apiGroup: rbac.authorization.k8s.io
402
name: argocd-redis-ha
404
- kind: ServiceAccount
405
name: argocd-redis-ha
407
apiVersion: rbac.authorization.k8s.io/v1
411
app.kubernetes.io/component: redis
412
app.kubernetes.io/name: argocd-redis-ha
413
app.kubernetes.io/part-of: argocd
414
name: argocd-redis-ha-haproxy
416
apiGroup: rbac.authorization.k8s.io
418
name: argocd-redis-ha-haproxy
420
- kind: ServiceAccount
421
name: argocd-redis-ha-haproxy
423
apiVersion: rbac.authorization.k8s.io/v1
427
app.kubernetes.io/component: server
428
app.kubernetes.io/name: argocd-server
429
app.kubernetes.io/part-of: argocd
432
apiGroup: rbac.authorization.k8s.io
436
- kind: ServiceAccount
443
app.kubernetes.io/name: argocd-cm
444
app.kubernetes.io/part-of: argocd
449
redis.server: argocd-redis-ha-haproxy:6379
453
app.kubernetes.io/name: argocd-cmd-params-cm
454
app.kubernetes.io/part-of: argocd
455
name: argocd-cmd-params-cm
461
app.kubernetes.io/name: argocd-gpg-keys-cm
462
app.kubernetes.io/part-of: argocd
463
name: argocd-gpg-keys-cm
469
app.kubernetes.io/component: notifications-controller
470
app.kubernetes.io/name: argocd-notifications-controller
471
app.kubernetes.io/part-of: argocd
472
name: argocd-notifications-cm
478
app.kubernetes.io/name: argocd-rbac-cm
479
app.kubernetes.io/part-of: argocd
484
fix-split-brain.sh: |
485
HOSTNAME="$(hostname)"
486
INDEX="${HOSTNAME##*-}"
490
MASTER_GROUP="argocd"
492
REDIS_CONF=/data/conf/redis.conf
495
SENTINEL_CONF=/data/conf/sentinel.conf
497
SERVICE=argocd-redis-ha
498
SENTINEL_TLS_REPLICATION_ENABLED=false
499
REDIS_TLS_REPLICATION_ENABLED=false
505
sentinel_get_master() {
507
if [ "$SENTINEL_PORT" -eq 0 ]; then
508
redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
509
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
511
redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
512
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
517
sentinel_get_master_retry() {
521
for i in $(seq 1 "${retry}"); do
522
master=$(sentinel_get_master)
523
if [ -n "${master}" ]; then
532
echo "Identifying redis master (get-master-addr-by-name).."
533
echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)"
534
MASTER="$(sentinel_get_master_retry 3)"
535
if [ -n "${MASTER}" ]; then
536
echo " $(date) Found redis master (${MASTER})"
538
echo " $(date) Did not find redis master (${MASTER})"
543
echo "Updating sentinel config.."
544
echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
545
eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
546
echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
547
sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
548
if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
549
echo " redis master (${1}:${REDIS_TLS_PORT})"
550
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
552
echo " redis master (${1}:${REDIS_PORT})"
553
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
555
echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
556
if [ "$SENTINEL_PORT" -eq 0 ]; then
557
echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
558
echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
560
echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
561
echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
566
echo "Updating redis config.."
567
if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
568
echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
569
echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
570
echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
572
echo " we are slave of redis master (${1}:${REDIS_PORT})"
573
echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
574
echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
576
echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
580
echo "Copying default redis config.."
581
echo " to '${REDIS_CONF}'"
582
cp /readonly-config/redis.conf "${REDIS_CONF}"
583
echo "Copying default sentinel config.."
584
echo " to '${SENTINEL_CONF}'"
585
cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
589
echo "Setting up defaults.."
590
echo " using statefulset index (${INDEX})"
591
if [ "${INDEX}" = "0" ]; then
592
echo "Setting this pod as master for redis and sentinel.."
593
echo " using announce (${ANNOUNCE_IP})"
594
redis_update "${ANNOUNCE_IP}"
595
sentinel_update "${ANNOUNCE_IP}"
596
echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
597
sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
599
echo "Getting redis master ip.."
600
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
601
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
602
if [ -z "${DEFAULT_MASTER}" ]; then
603
echo "Error: Unable to resolve redis master (getent hosts)."
606
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
607
echo "Setting default slave config for redis and sentinel.."
608
echo " using master ip (${DEFAULT_MASTER})"
609
redis_update "${DEFAULT_MASTER}"
610
sentinel_update "${DEFAULT_MASTER}"
616
if [ "$REDIS_PORT" -eq 0 ]; then
617
redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
619
redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping
628
for i in $(seq 1 "${retry}"); do
629
if [ "$(redis_ping)" = "PONG" ]; then
634
MASTER=$(sentinel_get_master)
640
echo "Verifying redis master.."
641
if [ "$REDIS_PORT" -eq 0 ]; then
642
echo " ping (${MASTER}:${REDIS_TLS_PORT})"
644
echo " ping (${MASTER}:${REDIS_PORT})"
646
if [ "$(redis_ping_retry 3)" != "PONG" ]; then
647
echo " $(date) Can't ping redis master (${MASTER})"
648
echo "Attempting to force failover (sentinel failover).."
650
if [ "$SENTINEL_PORT" -eq 0 ]; then
651
echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
652
if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
653
echo " $(date) Failover returned with 'NOGOODSLAVE'"
654
echo "Setting defaults for this pod.."
659
echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
660
if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
661
echo " $(date) Failover returned with 'NOGOODSLAVE'"
662
echo "Setting defaults for this pod.."
668
echo "Hold on for 10sec"
670
echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
671
if [ "$SENTINEL_PORT" -eq 0 ]; then
672
echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
674
echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
676
MASTER="$(sentinel_get_master)"
677
if [ "${MASTER}" ]; then
678
echo " $(date) Found redis master (${MASTER})"
679
echo "Updating redis and sentinel config.."
680
sentinel_update "${MASTER}"
681
redis_update "${MASTER}"
683
echo "$(date) Error: Could not failover, exiting..."
687
echo " $(date) Found reachable redis master (${MASTER})"
688
echo "Updating redis and sentinel config.."
689
sentinel_update "${MASTER}"
690
redis_update "${MASTER}"
695
echo "Updating read-only redis config.."
696
echo " redis.conf set 'replica-priority 0'"
697
echo "replica-priority 0" >> ${REDIS_CONF}
702
service="${SERVICE}-announce-${index}"
703
host=$(getent hosts "${service}")
707
identify_announce_ip() {
708
echo "Identify announce ip for this pod.."
709
echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
710
ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
711
echo " identified announce (${ANNOUNCE_IP})"
716
if [ "$REDIS_PORT" -eq 0 ]; then
717
ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//')
719
ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//')
724
identify_redis_master() {
726
if [ "$REDIS_PORT" -eq 0 ]; then
727
REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//')
729
REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//')
736
sh /readonly-config/init.sh
738
if [ "$REDIS_PORT" -eq 0 ]; then
739
echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key
741
echo "shutdown" | redis-cli -p "${REDIS_PORT}"
748
while [ -z "${ANNOUNCE_IP}" ]; do
749
echo "Error: Could not resolve the announce ip for this pod."
757
# where is redis master
760
if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
762
if [ "$ROLE" != "master" ]; then
765
elif [ "${MASTER}" ]; then
766
identify_redis_master
767
if [ "$REDIS_MASTER" != "$MASTER" ]; then
772
haproxy.cfg: "defaults REDIS\n mode tcp\n timeout connect 4s\n timeout server
773
6m\n timeout client 6m\n timeout check 2s\n\nlisten health_check_http_url\n
774
\ bind :8888 \n mode http\n monitor-uri /healthz\n option dontlognull\n#
775
Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_0\n
776
\ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n
777
\ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\
778
argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE0\n tcp-check send QUIT\\r\\n\n
779
\ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379
780
check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n#
781
Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_1\n
782
\ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n
783
\ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\
784
argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE1\n tcp-check send QUIT\\r\\n\n
785
\ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379
786
check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n#
787
Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_2\n
788
\ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n
789
\ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\
790
argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE2\n tcp-check send QUIT\\r\\n\n
791
\ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379
792
check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n\n#
793
decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n
794
\ use_backend bk_redis_master\n# Check all redis servers to see if they think
795
they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check
796
connect\n tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check
797
send info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check
798
send QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0)
799
} { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379
800
check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1)
801
ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise
802
1\n use-server R2 if { srv_is_up(R2) } { nbsrv(check_if_redis_is_master_2) ge
803
2 }\n server R2 argocd-redis-ha-announce-2:6379 check inter 3s fall 1 rise 1\nfrontend
804
stats\n mode http\n bind :9101 \n http-request use-service prometheus-exporter
805
if { path /metrics }\n stats enable\n stats uri /stats\n stats refresh 10s\n"
807
HAPROXY_CONF=/data/haproxy.cfg
808
cp /readonly/haproxy.cfg "$HAPROXY_CONF"
809
for loop in $(seq 1 10); do
810
getent hosts argocd-redis-ha-announce-0 && break
811
echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
813
ANNOUNCE_IP0=$(getent hosts "argocd-redis-ha-announce-0" | awk '{ print $1 }')
814
if [ -z "$ANNOUNCE_IP0" ]; then
815
echo "Could not resolve the announce ip for argocd-redis-ha-announce-0"
818
sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF"
819
for loop in $(seq 1 10); do
820
getent hosts argocd-redis-ha-announce-1 && break
821
echo "Waiting for service argocd-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1
823
ANNOUNCE_IP1=$(getent hosts "argocd-redis-ha-announce-1" | awk '{ print $1 }')
824
if [ -z "$ANNOUNCE_IP1" ]; then
825
echo "Could not resolve the announce ip for argocd-redis-ha-announce-1"
828
sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF"
829
for loop in $(seq 1 10); do
830
getent hosts argocd-redis-ha-announce-2 && break
831
echo "Waiting for service argocd-redis-ha-announce-2 to be ready ($loop) ..." && sleep 1
833
ANNOUNCE_IP2=$(getent hosts "argocd-redis-ha-announce-2" | awk '{ print $1 }')
834
if [ -z "$ANNOUNCE_IP2" ]; then
835
echo "Could not resolve the announce ip for argocd-redis-ha-announce-2"
838
sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
840
echo "$(date) Start..."
841
HOSTNAME="$(hostname)"
842
INDEX="${HOSTNAME##*-}"
846
MASTER_GROUP="argocd"
848
REDIS_CONF=/data/conf/redis.conf
851
SENTINEL_CONF=/data/conf/sentinel.conf
853
SERVICE=argocd-redis-ha
854
SENTINEL_TLS_REPLICATION_ENABLED=false
855
REDIS_TLS_REPLICATION_ENABLED=false
858
sentinel_get_master() {
860
if [ "$SENTINEL_PORT" -eq 0 ]; then
861
redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
862
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
864
redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
865
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
870
sentinel_get_master_retry() {
874
for i in $(seq 1 "${retry}"); do
875
master=$(sentinel_get_master)
876
if [ -n "${master}" ]; then
885
echo "Identifying redis master (get-master-addr-by-name).."
886
echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)"
887
MASTER="$(sentinel_get_master_retry 3)"
888
if [ -n "${MASTER}" ]; then
889
echo " $(date) Found redis master (${MASTER})"
891
echo " $(date) Did not find redis master (${MASTER})"
896
echo "Updating sentinel config.."
897
echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
898
eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
899
echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
900
sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
901
if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
902
echo " redis master (${1}:${REDIS_TLS_PORT})"
903
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
905
echo " redis master (${1}:${REDIS_PORT})"
906
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
908
echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
909
if [ "$SENTINEL_PORT" -eq 0 ]; then
910
echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
911
echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
913
echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
914
echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
919
echo "Updating redis config.."
920
if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
921
echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
922
echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
923
echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
925
echo " we are slave of redis master (${1}:${REDIS_PORT})"
926
echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
927
echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
929
echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
933
echo "Copying default redis config.."
934
echo " to '${REDIS_CONF}'"
935
cp /readonly-config/redis.conf "${REDIS_CONF}"
936
echo "Copying default sentinel config.."
937
echo " to '${SENTINEL_CONF}'"
938
cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
942
echo "Setting up defaults.."
943
echo " using statefulset index (${INDEX})"
944
if [ "${INDEX}" = "0" ]; then
945
echo "Setting this pod as master for redis and sentinel.."
946
echo " using announce (${ANNOUNCE_IP})"
947
redis_update "${ANNOUNCE_IP}"
948
sentinel_update "${ANNOUNCE_IP}"
949
echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
950
sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
952
echo "Getting redis master ip.."
953
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
954
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
955
if [ -z "${DEFAULT_MASTER}" ]; then
956
echo "Error: Unable to resolve redis master (getent hosts)."
959
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
960
echo "Setting default slave config for redis and sentinel.."
961
echo " using master ip (${DEFAULT_MASTER})"
962
redis_update "${DEFAULT_MASTER}"
963
sentinel_update "${DEFAULT_MASTER}"
969
if [ "$REDIS_PORT" -eq 0 ]; then
970
redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
972
redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping
981
for i in $(seq 1 "${retry}"); do
982
if [ "$(redis_ping)" = "PONG" ]; then
987
MASTER=$(sentinel_get_master)
993
echo "Verifying redis master.."
994
if [ "$REDIS_PORT" -eq 0 ]; then
995
echo " ping (${MASTER}:${REDIS_TLS_PORT})"
997
echo " ping (${MASTER}:${REDIS_PORT})"
999
if [ "$(redis_ping_retry 3)" != "PONG" ]; then
1000
echo " $(date) Can't ping redis master (${MASTER})"
1001
echo "Attempting to force failover (sentinel failover).."
1003
if [ "$SENTINEL_PORT" -eq 0 ]; then
1004
echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
1005
if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
1006
echo " $(date) Failover returned with 'NOGOODSLAVE'"
1007
echo "Setting defaults for this pod.."
1012
echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
1013
if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
1014
echo " $(date) Failover returned with 'NOGOODSLAVE'"
1015
echo "Setting defaults for this pod.."
1021
echo "Hold on for 10sec"
1023
echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
1024
if [ "$SENTINEL_PORT" -eq 0 ]; then
1025
echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
1027
echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
1029
MASTER="$(sentinel_get_master)"
1030
if [ "${MASTER}" ]; then
1031
echo " $(date) Found redis master (${MASTER})"
1032
echo "Updating redis and sentinel config.."
1033
sentinel_update "${MASTER}"
1034
redis_update "${MASTER}"
1036
echo "$(date) Error: Could not failover, exiting..."
1040
echo " $(date) Found reachable redis master (${MASTER})"
1041
echo "Updating redis and sentinel config.."
1042
sentinel_update "${MASTER}"
1043
redis_update "${MASTER}"
1048
echo "Updating read-only redis config.."
1049
echo " redis.conf set 'replica-priority 0'"
1050
echo "replica-priority 0" >> ${REDIS_CONF}
1054
index=${1:-${INDEX}}
1055
service="${SERVICE}-announce-${index}"
1056
host=$(getent hosts "${service}")
1060
identify_announce_ip() {
1061
echo "Identify announce ip for this pod.."
1062
echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
1063
ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
1064
echo " identified announce (${ANNOUNCE_IP})"
1067
mkdir -p /data/conf/
1069
echo "Initializing config.."
1072
# where is redis master
1075
identify_announce_ip
1077
if [ -z "${ANNOUNCE_IP}" ]; then
1078
"Error: Could not resolve the announce ip for this pod."
1080
elif [ "${MASTER}" ]; then
1086
if [ "${AUTH:-}" ]; then
1087
echo "Setting redis auth values.."
1088
ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
1089
sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
1092
if [ "${SENTINELAUTH:-}" ]; then
1093
echo "Setting sentinel auth values"
1094
ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
1095
sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
1098
echo "$(date) Ready..."
1102
rename-command FLUSHDB ""
1103
rename-command FLUSHALL ""
1106
maxmemory-policy volatile-lru
1107
min-replicas-max-lag 5
1108
min-replicas-to-write 1
1111
repl-diskless-sync yes
1117
sentinel down-after-milliseconds argocd 10000
1118
sentinel failover-timeout argocd 180000
1120
sentinel parallel-syncs argocd 5
1121
trigger-failover-if-master.sh: |
1127
info | grep -c 'role:master' || true
1131
if [[ "$is_master" -eq 1 ]]; then
1132
echo "This node is currently master, we trigger a failover."
1137
SENTINEL failover argocd
1139
if [[ "$response" != "OK" ]] ; then
1144
while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do
1147
timeout=$((timeout - 1))
1149
echo "Failover successful"
1154
app.kubernetes.io/component: redis
1155
app.kubernetes.io/name: argocd-redis-ha
1156
app.kubernetes.io/part-of: argocd
1157
name: argocd-redis-ha-configmap
1161
redis_liveness.sh: |
1168
if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then
1172
echo "response=$response"
1173
redis_readiness.sh: |
1180
if [ "$response" != "PONG" ] ; then
1184
echo "response=$response"
1185
sentinel_liveness.sh: |
1192
if [ "$response" != "PONG" ]; then
1196
echo "response=$response"
1200
app.kubernetes.io/component: redis
1201
app.kubernetes.io/name: argocd-redis-ha
1202
app.kubernetes.io/part-of: argocd
1203
name: argocd-redis-ha-health-configmap
1208
# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
1209
[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
1210
[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
1211
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
1212
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
1213
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
1214
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
1215
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
1216
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
1217
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
1218
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
1219
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
1220
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
1221
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
1222
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
1226
app.kubernetes.io/name: argocd-ssh-known-hosts-cm
1227
app.kubernetes.io/part-of: argocd
1228
name: argocd-ssh-known-hosts-cm
1234
app.kubernetes.io/name: argocd-tls-certs-cm
1235
app.kubernetes.io/part-of: argocd
1236
name: argocd-tls-certs-cm
1242
app.kubernetes.io/component: notifications-controller
1243
app.kubernetes.io/name: argocd-notifications-controller
1244
app.kubernetes.io/part-of: argocd
1245
name: argocd-notifications-secret
1252
app.kubernetes.io/name: argocd-secret
1253
app.kubernetes.io/part-of: argocd
1261
app.kubernetes.io/component: applicationset-controller
1262
app.kubernetes.io/name: argocd-applicationset-controller
1263
app.kubernetes.io/part-of: argocd
1264
name: argocd-applicationset-controller
1276
app.kubernetes.io/name: argocd-applicationset-controller
1282
app.kubernetes.io/component: dex-server
1283
app.kubernetes.io/name: argocd-dex-server
1284
app.kubernetes.io/part-of: argocd
1285
name: argocd-dex-server
1302
app.kubernetes.io/name: argocd-dex-server
1308
app.kubernetes.io/component: metrics
1309
app.kubernetes.io/name: argocd-metrics
1310
app.kubernetes.io/part-of: argocd
1311
name: argocd-metrics
1319
app.kubernetes.io/name: argocd-application-controller
1325
app.kubernetes.io/component: notifications-controller
1326
app.kubernetes.io/name: argocd-notifications-controller-metrics
1327
app.kubernetes.io/part-of: argocd
1328
name: argocd-notifications-controller-metrics
1336
app.kubernetes.io/name: argocd-notifications-controller
1342
app.kubernetes.io/component: redis
1343
app.kubernetes.io/name: argocd-redis-ha
1344
app.kubernetes.io/part-of: argocd
1345
name: argocd-redis-ha
1353
- name: tcp-sentinel
1356
targetPort: sentinel
1358
app.kubernetes.io/name: argocd-redis-ha
1365
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
1367
app.kubernetes.io/component: redis
1368
app.kubernetes.io/name: argocd-redis-ha
1369
app.kubernetes.io/part-of: argocd
1370
name: argocd-redis-ha-announce-0
1377
- name: tcp-sentinel
1380
targetPort: sentinel
1381
publishNotReadyAddresses: true
1383
app.kubernetes.io/name: argocd-redis-ha
1384
statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-0
1391
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
1393
app.kubernetes.io/component: redis
1394
app.kubernetes.io/name: argocd-redis-ha
1395
app.kubernetes.io/part-of: argocd
1396
name: argocd-redis-ha-announce-1
1403
- name: tcp-sentinel
1406
targetPort: sentinel
1407
publishNotReadyAddresses: true
1409
app.kubernetes.io/name: argocd-redis-ha
1410
statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-1
1417
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
1419
app.kubernetes.io/component: redis
1420
app.kubernetes.io/name: argocd-redis-ha
1421
app.kubernetes.io/part-of: argocd
1422
name: argocd-redis-ha-announce-2
1429
- name: tcp-sentinel
1432
targetPort: sentinel
1433
publishNotReadyAddresses: true
1435
app.kubernetes.io/name: argocd-redis-ha
1436
statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-2
1443
app.kubernetes.io/component: redis
1444
app.kubernetes.io/name: argocd-redis-ha-haproxy
1445
app.kubernetes.io/part-of: argocd
1446
name: argocd-redis-ha-haproxy
1453
- name: http-exporter-port
1456
targetPort: metrics-port
1458
app.kubernetes.io/name: argocd-redis-ha-haproxy
1465
app.kubernetes.io/component: repo-server
1466
app.kubernetes.io/name: argocd-repo-server
1467
app.kubernetes.io/part-of: argocd
1468
name: argocd-repo-server
1480
app.kubernetes.io/name: argocd-repo-server
1486
app.kubernetes.io/component: server
1487
app.kubernetes.io/name: argocd-server
1488
app.kubernetes.io/part-of: argocd
1501
app.kubernetes.io/name: argocd-server
1507
app.kubernetes.io/component: server
1508
app.kubernetes.io/name: argocd-server-metrics
1509
app.kubernetes.io/part-of: argocd
1510
name: argocd-server-metrics
1518
app.kubernetes.io/name: argocd-server
1524
app.kubernetes.io/component: applicationset-controller
1525
app.kubernetes.io/name: argocd-applicationset-controller
1526
app.kubernetes.io/part-of: argocd
1527
name: argocd-applicationset-controller
1531
app.kubernetes.io/name: argocd-applicationset-controller
1535
app.kubernetes.io/name: argocd-applicationset-controller
1539
- /usr/local/bin/argocd-applicationset-controller
1541
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
1544
key: applicationsetcontroller.global.preserved.annotations
1545
name: argocd-cmd-params-cm
1547
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
1550
key: applicationsetcontroller.global.preserved.labels
1551
name: argocd-cmd-params-cm
1556
fieldPath: metadata.namespace
1557
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
1560
key: applicationsetcontroller.enable.leader.election
1561
name: argocd-cmd-params-cm
1563
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
1567
name: argocd-cmd-params-cm
1569
- name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
1572
key: applicationsetcontroller.policy
1573
name: argocd-cmd-params-cm
1575
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE
1578
key: applicationsetcontroller.enable.policy.override
1579
name: argocd-cmd-params-cm
1581
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
1584
key: applicationsetcontroller.debug
1585
name: argocd-cmd-params-cm
1587
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
1590
key: applicationsetcontroller.log.format
1591
name: argocd-cmd-params-cm
1593
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
1596
key: applicationsetcontroller.log.level
1597
name: argocd-cmd-params-cm
1599
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
1602
key: applicationsetcontroller.dryrun
1603
name: argocd-cmd-params-cm
1605
- name: ARGOCD_GIT_MODULES_ENABLED
1608
key: applicationsetcontroller.enable.git.submodule
1609
name: argocd-cmd-params-cm
1611
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
1614
key: applicationsetcontroller.enable.progressive.syncs
1615
name: argocd-cmd-params-cm
1617
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
1620
key: applicationsetcontroller.enable.new.git.file.globbing
1621
name: argocd-cmd-params-cm
1623
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT
1626
key: applicationsetcontroller.repo.server.plaintext
1627
name: argocd-cmd-params-cm
1629
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS
1632
key: applicationsetcontroller.repo.server.strict.tls
1633
name: argocd-cmd-params-cm
1635
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
1638
key: applicationsetcontroller.repo.server.timeout.seconds
1639
name: argocd-cmd-params-cm
1641
- name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS
1644
key: applicationsetcontroller.concurrent.reconciliations.max
1645
name: argocd-cmd-params-cm
1647
- name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES
1650
key: applicationsetcontroller.namespaces
1651
name: argocd-cmd-params-cm
1653
- name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
1656
key: applicationsetcontroller.scm.root.ca.path
1657
name: argocd-cmd-params-cm
1659
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
1662
key: applicationsetcontroller.allowed.scm.providers
1663
name: argocd-cmd-params-cm
1665
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
1668
key: applicationsetcontroller.enable.scm.providers
1669
name: argocd-cmd-params-cm
1671
image: quay.io/argoproj/argocd:latest
1672
imagePullPolicy: Always
1673
name: argocd-applicationset-controller
1675
- containerPort: 7000
1677
- containerPort: 8080
1680
allowPrivilegeEscalation: false
1684
readOnlyRootFilesystem: true
1687
type: RuntimeDefault
1689
- mountPath: /app/config/ssh
1690
name: ssh-known-hosts
1691
- mountPath: /app/config/tls
1693
- mountPath: /app/config/gpg/source
1695
- mountPath: /app/config/gpg/keys
1699
- mountPath: /app/config/reposerver/tls
1700
name: argocd-repo-server-tls
1701
serviceAccountName: argocd-applicationset-controller
1704
name: argocd-ssh-known-hosts-cm
1705
name: ssh-known-hosts
1707
name: argocd-tls-certs-cm
1710
name: argocd-gpg-keys-cm
1716
- name: argocd-repo-server-tls
1726
secretName: argocd-repo-server-tls
1732
app.kubernetes.io/component: dex-server
1733
app.kubernetes.io/name: argocd-dex-server
1734
app.kubernetes.io/part-of: argocd
1735
name: argocd-dex-server
1739
app.kubernetes.io/name: argocd-dex-server
1743
app.kubernetes.io/name: argocd-dex-server
1747
preferredDuringSchedulingIgnoredDuringExecution:
1751
app.kubernetes.io/part-of: argocd
1752
topologyKey: kubernetes.io/hostname
1756
- /shared/argocd-dex
1759
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
1762
key: dexserver.disable.tls
1763
name: argocd-cmd-params-cm
1765
image: ghcr.io/dexidp/dex:v2.38.0
1766
imagePullPolicy: Always
1769
- containerPort: 5556
1770
- containerPort: 5557
1771
- containerPort: 5558
1773
allowPrivilegeEscalation: false
1777
readOnlyRootFilesystem: true
1780
type: RuntimeDefault
1782
- mountPath: /shared
1787
name: argocd-dex-server-tls
1792
- /usr/local/bin/argocd
1793
- /shared/argocd-dex
1794
image: quay.io/argoproj/argocd:latest
1795
imagePullPolicy: Always
1798
allowPrivilegeEscalation: false
1802
readOnlyRootFilesystem: true
1805
type: RuntimeDefault
1807
- mountPath: /shared
1811
serviceAccountName: argocd-dex-server
1817
- name: argocd-dex-server-tls
1827
secretName: argocd-dex-server-tls
1833
app.kubernetes.io/component: notifications-controller
1834
app.kubernetes.io/name: argocd-notifications-controller
1835
app.kubernetes.io/part-of: argocd
1836
name: argocd-notifications-controller
1840
app.kubernetes.io/name: argocd-notifications-controller
1846
app.kubernetes.io/name: argocd-notifications-controller
1850
- /usr/local/bin/argocd-notifications
1852
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
1855
key: notificationscontroller.log.format
1856
name: argocd-cmd-params-cm
1858
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
1861
key: notificationscontroller.log.level
1862
name: argocd-cmd-params-cm
1864
- name: ARGOCD_APPLICATION_NAMESPACES
1867
key: application.namespaces
1868
name: argocd-cmd-params-cm
1870
- name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
1873
key: notificationscontroller.selfservice.enabled
1874
name: argocd-cmd-params-cm
1876
image: quay.io/argoproj/argocd:latest
1877
imagePullPolicy: Always
1881
name: argocd-notifications-controller
1883
allowPrivilegeEscalation: false
1887
readOnlyRootFilesystem: true
1889
- mountPath: /app/config/tls
1891
- mountPath: /app/config/reposerver/tls
1892
name: argocd-repo-server-tls
1897
type: RuntimeDefault
1898
serviceAccountName: argocd-notifications-controller
1901
name: argocd-tls-certs-cm
1903
- name: argocd-repo-server-tls
1913
secretName: argocd-repo-server-tls
1919
app.kubernetes.io/component: redis
1920
app.kubernetes.io/name: argocd-redis-ha-haproxy
1921
app.kubernetes.io/part-of: argocd
1922
name: argocd-redis-ha-haproxy
1925
revisionHistoryLimit: 1
1928
app.kubernetes.io/name: argocd-redis-ha-haproxy
1934
checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae
1935
prometheus.io/path: /metrics
1936
prometheus.io/port: "9101"
1937
prometheus.io/scrape: "true"
1939
app.kubernetes.io/name: argocd-redis-ha-haproxy
1940
name: argocd-redis-ha-haproxy
1944
requiredDuringSchedulingIgnoredDuringExecution:
1947
app.kubernetes.io/name: argocd-redis-ha-haproxy
1948
topologyKey: kubernetes.io/hostname
1950
- image: haproxy:2.6.14-alpine
1951
imagePullPolicy: IfNotPresent
1957
initialDelaySeconds: 5
1961
- containerPort: 6379
1963
- containerPort: 9101
1969
initialDelaySeconds: 5
1972
allowPrivilegeEscalation: false
1976
readOnlyRootFilesystem: true
1978
type: RuntimeDefault
1980
- mountPath: /usr/local/etc/haproxy
1982
- mountPath: /run/haproxy
1986
- /readonly/haproxy_init.sh
1989
image: haproxy:2.6.14-alpine
1990
imagePullPolicy: IfNotPresent
1993
allowPrivilegeEscalation: false
1997
readOnlyRootFilesystem: true
1999
type: RuntimeDefault
2001
- mountPath: /readonly
2010
serviceAccountName: argocd-redis-ha-haproxy
2013
name: argocd-redis-ha-configmap
2024
app.kubernetes.io/component: repo-server
2025
app.kubernetes.io/name: argocd-repo-server
2026
app.kubernetes.io/part-of: argocd
2027
name: argocd-repo-server
2032
app.kubernetes.io/name: argocd-repo-server
2036
app.kubernetes.io/name: argocd-repo-server
2040
preferredDuringSchedulingIgnoredDuringExecution:
2044
app.kubernetes.io/name: argocd-repo-server
2045
topologyKey: topology.kubernetes.io/zone
2047
requiredDuringSchedulingIgnoredDuringExecution:
2050
app.kubernetes.io/name: argocd-repo-server
2051
topologyKey: kubernetes.io/hostname
2052
automountServiceAccountToken: false
2055
- /usr/local/bin/argocd-repo-server
2057
- name: ARGOCD_RECONCILIATION_TIMEOUT
2060
key: timeout.reconciliation
2063
- name: ARGOCD_REPO_SERVER_LOGFORMAT
2066
key: reposerver.log.format
2067
name: argocd-cmd-params-cm
2069
- name: ARGOCD_REPO_SERVER_LOGLEVEL
2072
key: reposerver.log.level
2073
name: argocd-cmd-params-cm
2075
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
2078
key: reposerver.parallelism.limit
2079
name: argocd-cmd-params-cm
2081
- name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
2084
key: reposerver.listen.address
2085
name: argocd-cmd-params-cm
2087
- name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
2090
key: reposerver.metrics.listen.address
2091
name: argocd-cmd-params-cm
2093
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
2096
key: reposerver.disable.tls
2097
name: argocd-cmd-params-cm
2099
- name: ARGOCD_TLS_MIN_VERSION
2102
key: reposerver.tls.minversion
2103
name: argocd-cmd-params-cm
2105
- name: ARGOCD_TLS_MAX_VERSION
2108
key: reposerver.tls.maxversion
2109
name: argocd-cmd-params-cm
2111
- name: ARGOCD_TLS_CIPHERS
2114
key: reposerver.tls.ciphers
2115
name: argocd-cmd-params-cm
2117
- name: ARGOCD_REPO_CACHE_EXPIRATION
2120
key: reposerver.repo.cache.expiration
2121
name: argocd-cmd-params-cm
2123
- name: REDIS_SERVER
2127
name: argocd-cmd-params-cm
2129
- name: REDIS_COMPRESSION
2132
key: redis.compression
2133
name: argocd-cmd-params-cm
2139
name: argocd-cmd-params-cm
2141
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
2144
key: reposerver.default.cache.expiration
2145
name: argocd-cmd-params-cm
2147
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
2151
name: argocd-cmd-params-cm
2153
- name: ARGOCD_REPO_SERVER_OTLP_INSECURE
2157
name: argocd-cmd-params-cm
2159
- name: ARGOCD_REPO_SERVER_OTLP_HEADERS
2163
name: argocd-cmd-params-cm
2165
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
2168
key: reposerver.max.combined.directory.manifests.size
2169
name: argocd-cmd-params-cm
2171
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
2174
key: reposerver.plugin.tar.exclusions
2175
name: argocd-cmd-params-cm
2177
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
2180
key: reposerver.allow.oob.symlinks
2181
name: argocd-cmd-params-cm
2183
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
2186
key: reposerver.streamed.manifest.max.tar.size
2187
name: argocd-cmd-params-cm
2189
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
2192
key: reposerver.streamed.manifest.max.extracted.size
2193
name: argocd-cmd-params-cm
2195
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
2198
key: reposerver.helm.manifest.max.extracted.size
2199
name: argocd-cmd-params-cm
2201
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
2204
key: reposerver.disable.helm.manifest.max.extracted.size
2205
name: argocd-cmd-params-cm
2207
- name: ARGOCD_GIT_MODULES_ENABLED
2210
key: reposerver.enable.git.submodule
2211
name: argocd-cmd-params-cm
2213
- name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
2216
key: reposerver.git.lsremote.parallelism.limit
2217
name: argocd-cmd-params-cm
2219
- name: ARGOCD_GIT_REQUEST_TIMEOUT
2222
key: reposerver.git.request.timeout
2223
name: argocd-cmd-params-cm
2225
- name: HELM_CACHE_HOME
2226
value: /helm-working-dir
2227
- name: HELM_CONFIG_HOME
2228
value: /helm-working-dir
2229
- name: HELM_DATA_HOME
2230
value: /helm-working-dir
2231
image: quay.io/argoproj/argocd:latest
2232
imagePullPolicy: Always
2236
path: /healthz?full=true
2238
initialDelaySeconds: 30
2241
name: argocd-repo-server
2243
- containerPort: 8081
2244
- containerPort: 8084
2249
initialDelaySeconds: 5
2252
allowPrivilegeEscalation: false
2256
readOnlyRootFilesystem: true
2259
type: RuntimeDefault
2261
- mountPath: /app/config/ssh
2262
name: ssh-known-hosts
2263
- mountPath: /app/config/tls
2265
- mountPath: /app/config/gpg/source
2267
- mountPath: /app/config/gpg/keys
2269
- mountPath: /app/config/reposerver/tls
2270
name: argocd-repo-server-tls
2273
- mountPath: /helm-working-dir
2274
name: helm-working-dir
2275
- mountPath: /home/argocd/cmp-server/plugins
2281
- /usr/local/bin/argocd
2282
- /var/run/argocd/argocd-cmp-server
2283
image: quay.io/argoproj/argocd:latest
2286
allowPrivilegeEscalation: false
2290
readOnlyRootFilesystem: true
2293
type: RuntimeDefault
2295
- mountPath: /var/run/argocd
2297
serviceAccountName: argocd-repo-server
2300
name: argocd-ssh-known-hosts-cm
2301
name: ssh-known-hosts
2303
name: argocd-tls-certs-cm
2306
name: argocd-gpg-keys-cm
2313
name: helm-working-dir
2314
- name: argocd-repo-server-tls
2324
secretName: argocd-repo-server-tls
2334
app.kubernetes.io/component: server
2335
app.kubernetes.io/name: argocd-server
2336
app.kubernetes.io/part-of: argocd
2342
app.kubernetes.io/name: argocd-server
2346
app.kubernetes.io/name: argocd-server
2350
preferredDuringSchedulingIgnoredDuringExecution:
2354
app.kubernetes.io/name: argocd-server
2355
topologyKey: topology.kubernetes.io/zone
2357
requiredDuringSchedulingIgnoredDuringExecution:
2360
app.kubernetes.io/name: argocd-server
2361
topologyKey: kubernetes.io/hostname
2364
- /usr/local/bin/argocd-server
2366
- name: ARGOCD_API_SERVER_REPLICAS
2368
- name: ARGOCD_SERVER_INSECURE
2371
key: server.insecure
2372
name: argocd-cmd-params-cm
2374
- name: ARGOCD_SERVER_BASEHREF
2377
key: server.basehref
2378
name: argocd-cmd-params-cm
2380
- name: ARGOCD_SERVER_ROOTPATH
2383
key: server.rootpath
2384
name: argocd-cmd-params-cm
2386
- name: ARGOCD_SERVER_LOGFORMAT
2389
key: server.log.format
2390
name: argocd-cmd-params-cm
2392
- name: ARGOCD_SERVER_LOG_LEVEL
2395
key: server.log.level
2396
name: argocd-cmd-params-cm
2398
- name: ARGOCD_SERVER_REPO_SERVER
2402
name: argocd-cmd-params-cm
2404
- name: ARGOCD_SERVER_DEX_SERVER
2407
key: server.dex.server
2408
name: argocd-cmd-params-cm
2410
- name: ARGOCD_SERVER_DISABLE_AUTH
2413
key: server.disable.auth
2414
name: argocd-cmd-params-cm
2416
- name: ARGOCD_SERVER_ENABLE_GZIP
2419
key: server.enable.gzip
2420
name: argocd-cmd-params-cm
2422
- name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
2425
key: server.repo.server.timeout.seconds
2426
name: argocd-cmd-params-cm
2428
- name: ARGOCD_SERVER_X_FRAME_OPTIONS
2431
key: server.x.frame.options
2432
name: argocd-cmd-params-cm
2434
- name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY
2437
key: server.content.security.policy
2438
name: argocd-cmd-params-cm
2440
- name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
2443
key: server.repo.server.plaintext
2444
name: argocd-cmd-params-cm
2446
- name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
2449
key: server.repo.server.strict.tls
2450
name: argocd-cmd-params-cm
2452
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
2455
key: server.dex.server.plaintext
2456
name: argocd-cmd-params-cm
2458
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
2461
key: server.dex.server.strict.tls
2462
name: argocd-cmd-params-cm
2464
- name: ARGOCD_TLS_MIN_VERSION
2467
key: server.tls.minversion
2468
name: argocd-cmd-params-cm
2470
- name: ARGOCD_TLS_MAX_VERSION
2473
key: server.tls.maxversion
2474
name: argocd-cmd-params-cm
2476
- name: ARGOCD_TLS_CIPHERS
2479
key: server.tls.ciphers
2480
name: argocd-cmd-params-cm
2482
- name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
2485
key: server.connection.status.cache.expiration
2486
name: argocd-cmd-params-cm
2488
- name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
2491
key: server.oidc.cache.expiration
2492
name: argocd-cmd-params-cm
2494
- name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION
2497
key: server.login.attempts.expiration
2498
name: argocd-cmd-params-cm
2500
- name: ARGOCD_SERVER_STATIC_ASSETS
2503
key: server.staticassets
2504
name: argocd-cmd-params-cm
2506
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
2509
key: server.app.state.cache.expiration
2510
name: argocd-cmd-params-cm
2512
- name: REDIS_SERVER
2516
name: argocd-cmd-params-cm
2518
- name: REDIS_COMPRESSION
2521
key: redis.compression
2522
name: argocd-cmd-params-cm
2528
name: argocd-cmd-params-cm
2530
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
2533
key: server.default.cache.expiration
2534
name: argocd-cmd-params-cm
2536
- name: ARGOCD_MAX_COOKIE_NUMBER
2539
key: server.http.cookie.maxnumber
2540
name: argocd-cmd-params-cm
2542
- name: ARGOCD_SERVER_LISTEN_ADDRESS
2545
key: server.listen.address
2546
name: argocd-cmd-params-cm
2548
- name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS
2551
key: server.metrics.listen.address
2552
name: argocd-cmd-params-cm
2554
- name: ARGOCD_SERVER_OTLP_ADDRESS
2558
name: argocd-cmd-params-cm
2560
- name: ARGOCD_SERVER_OTLP_INSECURE
2564
name: argocd-cmd-params-cm
2566
- name: ARGOCD_SERVER_OTLP_HEADERS
2570
name: argocd-cmd-params-cm
2572
- name: ARGOCD_APPLICATION_NAMESPACES
2575
key: application.namespaces
2576
name: argocd-cmd-params-cm
2578
- name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
2581
key: server.enable.proxy.extension
2582
name: argocd-cmd-params-cm
2584
- name: ARGOCD_K8SCLIENT_RETRY_MAX
2587
key: server.k8sclient.retry.max
2588
name: argocd-cmd-params-cm
2590
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
2593
key: server.k8sclient.retry.base.backoff
2594
name: argocd-cmd-params-cm
2596
- name: ARGOCD_API_CONTENT_TYPES
2599
key: server.api.content.types
2600
name: argocd-cmd-params-cm
2602
image: quay.io/argoproj/argocd:latest
2603
imagePullPolicy: Always
2606
path: /healthz?full=true
2608
initialDelaySeconds: 3
2613
- containerPort: 8080
2614
- containerPort: 8083
2619
initialDelaySeconds: 3
2622
allowPrivilegeEscalation: false
2626
readOnlyRootFilesystem: true
2629
type: RuntimeDefault
2631
- mountPath: /app/config/ssh
2632
name: ssh-known-hosts
2633
- mountPath: /app/config/tls
2635
- mountPath: /app/config/server/tls
2636
name: argocd-repo-server-tls
2637
- mountPath: /app/config/dex/tls
2638
name: argocd-dex-server-tls
2639
- mountPath: /home/argocd
2643
serviceAccountName: argocd-server
2650
name: argocd-ssh-known-hosts-cm
2651
name: ssh-known-hosts
2653
name: argocd-tls-certs-cm
2655
- name: argocd-repo-server-tls
2665
secretName: argocd-repo-server-tls
2666
- name: argocd-dex-server-tls
2674
secretName: argocd-dex-server-tls
2680
app.kubernetes.io/component: application-controller
2681
app.kubernetes.io/name: argocd-application-controller
2682
app.kubernetes.io/part-of: argocd
2683
name: argocd-application-controller
2688
app.kubernetes.io/name: argocd-application-controller
2689
serviceName: argocd-application-controller
2693
app.kubernetes.io/name: argocd-application-controller
2697
preferredDuringSchedulingIgnoredDuringExecution:
2701
app.kubernetes.io/name: argocd-application-controller
2702
topologyKey: kubernetes.io/hostname
2707
app.kubernetes.io/part-of: argocd
2708
topologyKey: kubernetes.io/hostname
2712
- /usr/local/bin/argocd-application-controller
2714
- name: ARGOCD_CONTROLLER_REPLICAS
2716
- name: ARGOCD_RECONCILIATION_TIMEOUT
2719
key: timeout.reconciliation
2722
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
2725
key: timeout.hard.reconciliation
2728
- name: ARGOCD_RECONCILIATION_JITTER
2731
key: timeout.reconciliation.jitter
2734
- name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
2737
key: controller.repo.error.grace.period.seconds
2738
name: argocd-cmd-params-cm
2740
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
2744
name: argocd-cmd-params-cm
2746
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
2749
key: controller.repo.server.timeout.seconds
2750
name: argocd-cmd-params-cm
2752
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
2755
key: controller.status.processors
2756
name: argocd-cmd-params-cm
2758
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
2761
key: controller.operation.processors
2762
name: argocd-cmd-params-cm
2764
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
2767
key: controller.log.format
2768
name: argocd-cmd-params-cm
2770
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
2773
key: controller.log.level
2774
name: argocd-cmd-params-cm
2776
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
2779
key: controller.metrics.cache.expiration
2780
name: argocd-cmd-params-cm
2782
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
2785
key: controller.self.heal.timeout.seconds
2786
name: argocd-cmd-params-cm
2788
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
2791
key: controller.repo.server.plaintext
2792
name: argocd-cmd-params-cm
2794
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
2797
key: controller.repo.server.strict.tls
2798
name: argocd-cmd-params-cm
2800
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
2803
key: controller.resource.health.persist
2804
name: argocd-cmd-params-cm
2806
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
2809
key: controller.app.state.cache.expiration
2810
name: argocd-cmd-params-cm
2812
- name: REDIS_SERVER
2816
name: argocd-cmd-params-cm
2818
- name: REDIS_COMPRESSION
2821
key: redis.compression
2822
name: argocd-cmd-params-cm
2828
name: argocd-cmd-params-cm
2830
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
2833
key: controller.default.cache.expiration
2834
name: argocd-cmd-params-cm
2836
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
2840
name: argocd-cmd-params-cm
2842
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
2846
name: argocd-cmd-params-cm
2848
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
2852
name: argocd-cmd-params-cm
2854
- name: ARGOCD_APPLICATION_NAMESPACES
2857
key: application.namespaces
2858
name: argocd-cmd-params-cm
2860
- name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
2863
key: controller.sharding.algorithm
2864
name: argocd-cmd-params-cm
2866
- name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
2869
key: controller.kubectl.parallelism.limit
2870
name: argocd-cmd-params-cm
2872
- name: ARGOCD_K8SCLIENT_RETRY_MAX
2875
key: controller.k8sclient.retry.max
2876
name: argocd-cmd-params-cm
2878
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
2881
key: controller.k8sclient.retry.base.backoff
2882
name: argocd-cmd-params-cm
2884
- name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
2887
key: controller.diff.server.side
2888
name: argocd-cmd-params-cm
2890
image: quay.io/argoproj/argocd:latest
2891
imagePullPolicy: Always
2892
name: argocd-application-controller
2894
- containerPort: 8082
2899
initialDelaySeconds: 5
2902
allowPrivilegeEscalation: false
2906
readOnlyRootFilesystem: true
2909
type: RuntimeDefault
2911
- mountPath: /app/config/controller/tls
2912
name: argocd-repo-server-tls
2913
- mountPath: /home/argocd
2915
workingDir: /home/argocd
2916
serviceAccountName: argocd-application-controller
2920
- name: argocd-repo-server-tls
2930
secretName: argocd-repo-server-tls
2936
app.kubernetes.io/component: redis
2937
app.kubernetes.io/name: argocd-redis-ha
2938
app.kubernetes.io/part-of: argocd
2939
name: argocd-redis-ha-server
2941
podManagementPolicy: OrderedReady
2945
app.kubernetes.io/name: argocd-redis-ha
2946
serviceName: argocd-redis-ha
2950
checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75
2952
app.kubernetes.io/name: argocd-redis-ha
2956
requiredDuringSchedulingIgnoredDuringExecution:
2959
app.kubernetes.io/name: argocd-redis-ha
2960
topologyKey: kubernetes.io/hostname
2961
automountServiceAccountToken: false
2964
- /data/conf/redis.conf
2967
image: redis:7.0.14-alpine
2968
imagePullPolicy: IfNotPresent
2974
- /readonly-config/trigger-failover-if-master.sh
2980
- /health/redis_liveness.sh
2982
initialDelaySeconds: 30
2988
- containerPort: 6379
2995
- /health/redis_readiness.sh
2997
initialDelaySeconds: 30
3002
allowPrivilegeEscalation: false
3006
readOnlyRootFilesystem: true
3008
type: RuntimeDefault
3010
- mountPath: /readonly-config
3015
- mountPath: /health
3018
- /data/conf/sentinel.conf
3021
image: redis:7.0.14-alpine
3022
imagePullPolicy: IfNotPresent
3029
- /health/sentinel_liveness.sh
3031
initialDelaySeconds: 30
3037
- containerPort: 26379
3044
- /health/sentinel_liveness.sh
3046
initialDelaySeconds: 30
3051
allowPrivilegeEscalation: false
3055
readOnlyRootFilesystem: true
3057
type: RuntimeDefault
3061
- mountPath: /health
3064
- /readonly-config/fix-split-brain.sh
3068
- name: SENTINEL_ID_0
3069
value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
3070
- name: SENTINEL_ID_1
3071
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
3072
- name: SENTINEL_ID_2
3073
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
3074
image: redis:7.0.14-alpine
3075
imagePullPolicy: IfNotPresent
3076
name: split-brain-fix
3079
allowPrivilegeEscalation: false
3083
readOnlyRootFilesystem: true
3085
type: RuntimeDefault
3087
- mountPath: /readonly-config
3094
- /readonly-config/init.sh
3098
- name: SENTINEL_ID_0
3099
value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
3100
- name: SENTINEL_ID_1
3101
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
3102
- name: SENTINEL_ID_2
3103
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
3104
image: redis:7.0.14-alpine
3105
imagePullPolicy: IfNotPresent
3108
allowPrivilegeEscalation: false
3112
readOnlyRootFilesystem: true
3114
type: RuntimeDefault
3116
- mountPath: /readonly-config
3125
serviceAccountName: argocd-redis-ha
3126
terminationGracePeriodSeconds: 60
3129
name: argocd-redis-ha-configmap
3133
name: argocd-redis-ha-health-configmap
3140
apiVersion: networking.k8s.io/v1
3143
name: argocd-application-controller-network-policy
3147
- namespaceSelector: {}
3152
app.kubernetes.io/name: argocd-application-controller
3156
apiVersion: networking.k8s.io/v1
3159
name: argocd-applicationset-controller-network-policy
3163
- namespaceSelector: {}
3171
app.kubernetes.io/name: argocd-applicationset-controller
3175
apiVersion: networking.k8s.io/v1
3178
name: argocd-dex-server-network-policy
3184
app.kubernetes.io/name: argocd-server
3191
- namespaceSelector: {}
3197
app.kubernetes.io/name: argocd-dex-server
3201
apiVersion: networking.k8s.io/v1
3205
app.kubernetes.io/component: notifications-controller
3206
app.kubernetes.io/name: argocd-notifications-controller
3207
app.kubernetes.io/part-of: argocd
3208
name: argocd-notifications-controller-network-policy
3212
- namespaceSelector: {}
3218
app.kubernetes.io/name: argocd-notifications-controller
3222
apiVersion: networking.k8s.io/v1
3225
name: argocd-redis-ha-proxy-network-policy
3236
app.kubernetes.io/name: argocd-redis-ha
3246
app.kubernetes.io/name: argocd-server
3249
app.kubernetes.io/name: argocd-repo-server
3252
app.kubernetes.io/name: argocd-application-controller
3260
app.kubernetes.io/name: argocd-redis-ha-haproxy
3265
apiVersion: networking.k8s.io/v1
3268
name: argocd-redis-ha-server-network-policy
3279
app.kubernetes.io/name: argocd-redis-ha
3289
app.kubernetes.io/name: argocd-redis-ha-haproxy
3292
app.kubernetes.io/name: argocd-redis-ha
3300
app.kubernetes.io/name: argocd-redis-ha
3305
apiVersion: networking.k8s.io/v1
3308
name: argocd-repo-server-network-policy
3314
app.kubernetes.io/name: argocd-server
3317
app.kubernetes.io/name: argocd-application-controller
3320
app.kubernetes.io/name: argocd-notifications-controller
3323
app.kubernetes.io/name: argocd-applicationset-controller
3328
- namespaceSelector: {}
3333
app.kubernetes.io/name: argocd-repo-server
3337
apiVersion: networking.k8s.io/v1
3340
name: argocd-server-network-policy
3346
app.kubernetes.io/name: argocd-server