argo-cd

1
# This is an auto-generated file. DO NOT EDIT
2
apiVersion: v1
3
kind: ServiceAccount
4
metadata:
5
  labels:
6
    app.kubernetes.io/component: application-controller
7
    app.kubernetes.io/name: argocd-application-controller
8
    app.kubernetes.io/part-of: argocd
9
  name: argocd-application-controller
10
---
11
apiVersion: v1
12
kind: ServiceAccount
13
metadata:
14
  labels:
15
    app.kubernetes.io/component: applicationset-controller
16
    app.kubernetes.io/name: argocd-applicationset-controller
17
    app.kubernetes.io/part-of: argocd
18
  name: argocd-applicationset-controller
19
---
20
apiVersion: v1
21
kind: ServiceAccount
22
metadata:
23
  labels:
24
    app.kubernetes.io/component: dex-server
25
    app.kubernetes.io/name: argocd-dex-server
26
    app.kubernetes.io/part-of: argocd
27
  name: argocd-dex-server
28
---
29
apiVersion: v1
30
kind: ServiceAccount
31
metadata:
32
  labels:
33
    app.kubernetes.io/component: notifications-controller
34
    app.kubernetes.io/name: argocd-notifications-controller
35
    app.kubernetes.io/part-of: argocd
36
  name: argocd-notifications-controller
37
---
38
apiVersion: v1
39
kind: ServiceAccount
40
metadata:
41
  labels:
42
    app.kubernetes.io/component: redis
43
    app.kubernetes.io/name: argocd-redis
44
    app.kubernetes.io/part-of: argocd
45
  name: argocd-redis
46
---
47
apiVersion: v1
48
kind: ServiceAccount
49
metadata:
50
  labels:
51
    app.kubernetes.io/component: repo-server
52
    app.kubernetes.io/name: argocd-repo-server
53
    app.kubernetes.io/part-of: argocd
54
  name: argocd-repo-server
55
---
56
apiVersion: v1
57
kind: ServiceAccount
58
metadata:
59
  labels:
60
    app.kubernetes.io/component: server
61
    app.kubernetes.io/name: argocd-server
62
    app.kubernetes.io/part-of: argocd
63
  name: argocd-server
64
---
65
apiVersion: rbac.authorization.k8s.io/v1
66
kind: Role
67
metadata:
68
  labels:
69
    app.kubernetes.io/component: application-controller
70
    app.kubernetes.io/name: argocd-application-controller
71
    app.kubernetes.io/part-of: argocd
72
  name: argocd-application-controller
73
rules:
74
- apiGroups:
75
  - ""
76
  resources:
77
  - secrets
78
  - configmaps
79
  verbs:
80
  - get
81
  - list
82
  - watch
83
- apiGroups:
84
  - argoproj.io
85
  resources:
86
  - applications
87
  - appprojects
88
  verbs:
89
  - create
90
  - get
91
  - list
92
  - watch
93
  - update
94
  - patch
95
  - delete
96
- apiGroups:
97
  - ""
98
  resources:
99
  - events
100
  verbs:
101
  - create
102
  - list
103
- apiGroups:
104
  - apps
105
  resources:
106
  - deployments
107
  verbs:
108
  - get
109
  - list
110
  - watch
111
---
112
apiVersion: rbac.authorization.k8s.io/v1
113
kind: Role
114
metadata:
115
  labels:
116
    app.kubernetes.io/component: applicationset-controller
117
    app.kubernetes.io/name: argocd-applicationset-controller
118
    app.kubernetes.io/part-of: argocd
119
  name: argocd-applicationset-controller
120
rules:
121
- apiGroups:
122
  - argoproj.io
123
  resources:
124
  - applications
125
  - applicationsets
126
  - applicationsets/finalizers
127
  verbs:
128
  - create
129
  - delete
130
  - get
131
  - list
132
  - patch
133
  - update
134
  - watch
135
- apiGroups:
136
  - argoproj.io
137
  resources:
138
  - appprojects
139
  verbs:
140
  - get
141
- apiGroups:
142
  - argoproj.io
143
  resources:
144
  - applicationsets/status
145
  verbs:
146
  - get
147
  - patch
148
  - update
149
- apiGroups:
150
  - ""
151
  resources:
152
  - events
153
  verbs:
154
  - create
155
  - get
156
  - list
157
  - patch
158
  - watch
159
- apiGroups:
160
  - ""
161
  resources:
162
  - secrets
163
  - configmaps
164
  verbs:
165
  - get
166
  - list
167
  - watch
168
- apiGroups:
169
  - apps
170
  - extensions
171
  resources:
172
  - deployments
173
  verbs:
174
  - get
175
  - list
176
  - watch
177
---
178
apiVersion: rbac.authorization.k8s.io/v1
179
kind: Role
180
metadata:
181
  labels:
182
    app.kubernetes.io/component: dex-server
183
    app.kubernetes.io/name: argocd-dex-server
184
    app.kubernetes.io/part-of: argocd
185
  name: argocd-dex-server
186
rules:
187
- apiGroups:
188
  - ""
189
  resources:
190
  - secrets
191
  - configmaps
192
  verbs:
193
  - get
194
  - list
195
  - watch
196
---
197
apiVersion: rbac.authorization.k8s.io/v1
198
kind: Role
199
metadata:
200
  labels:
201
    app.kubernetes.io/component: notifications-controller
202
    app.kubernetes.io/name: argocd-notifications-controller
203
    app.kubernetes.io/part-of: argocd
204
  name: argocd-notifications-controller
205
rules:
206
- apiGroups:
207
  - argoproj.io
208
  resources:
209
  - applications
210
  - appprojects
211
  verbs:
212
  - get
213
  - list
214
  - watch
215
  - update
216
  - patch
217
- apiGroups:
218
  - ""
219
  resources:
220
  - configmaps
221
  - secrets
222
  verbs:
223
  - list
224
  - watch
225
- apiGroups:
226
  - ""
227
  resourceNames:
228
  - argocd-notifications-cm
229
  resources:
230
  - configmaps
231
  verbs:
232
  - get
233
- apiGroups:
234
  - ""
235
  resourceNames:
236
  - argocd-notifications-secret
237
  resources:
238
  - secrets
239
  verbs:
240
  - get
241
---
242
apiVersion: rbac.authorization.k8s.io/v1
243
kind: Role
244
metadata:
245
  labels:
246
    app.kubernetes.io/component: server
247
    app.kubernetes.io/name: argocd-server
248
    app.kubernetes.io/part-of: argocd
249
  name: argocd-server
250
rules:
251
- apiGroups:
252
  - ""
253
  resources:
254
  - secrets
255
  - configmaps
256
  verbs:
257
  - create
258
  - get
259
  - list
260
  - watch
261
  - update
262
  - patch
263
  - delete
264
- apiGroups:
265
  - argoproj.io
266
  resources:
267
  - applications
268
  - appprojects
269
  - applicationsets
270
  verbs:
271
  - create
272
  - get
273
  - list
274
  - watch
275
  - update
276
  - delete
277
  - patch
278
- apiGroups:
279
  - ""
280
  resources:
281
  - events
282
  verbs:
283
  - create
284
  - list
285
---
286
apiVersion: rbac.authorization.k8s.io/v1
287
kind: RoleBinding
288
metadata:
289
  labels:
290
    app.kubernetes.io/component: application-controller
291
    app.kubernetes.io/name: argocd-application-controller
292
    app.kubernetes.io/part-of: argocd
293
  name: argocd-application-controller
294
roleRef:
295
  apiGroup: rbac.authorization.k8s.io
296
  kind: Role
297
  name: argocd-application-controller
298
subjects:
299
- kind: ServiceAccount
300
  name: argocd-application-controller
301
---
302
apiVersion: rbac.authorization.k8s.io/v1
303
kind: RoleBinding
304
metadata:
305
  labels:
306
    app.kubernetes.io/component: applicationset-controller
307
    app.kubernetes.io/name: argocd-applicationset-controller
308
    app.kubernetes.io/part-of: argocd
309
  name: argocd-applicationset-controller
310
roleRef:
311
  apiGroup: rbac.authorization.k8s.io
312
  kind: Role
313
  name: argocd-applicationset-controller
314
subjects:
315
- kind: ServiceAccount
316
  name: argocd-applicationset-controller
317
---
318
apiVersion: rbac.authorization.k8s.io/v1
319
kind: RoleBinding
320
metadata:
321
  labels:
322
    app.kubernetes.io/component: dex-server
323
    app.kubernetes.io/name: argocd-dex-server
324
    app.kubernetes.io/part-of: argocd
325
  name: argocd-dex-server
326
roleRef:
327
  apiGroup: rbac.authorization.k8s.io
328
  kind: Role
329
  name: argocd-dex-server
330
subjects:
331
- kind: ServiceAccount
332
  name: argocd-dex-server
333
---
334
apiVersion: rbac.authorization.k8s.io/v1
335
kind: RoleBinding
336
metadata:
337
  labels:
338
    app.kubernetes.io/component: notifications-controller
339
    app.kubernetes.io/name: argocd-notifications-controller
340
    app.kubernetes.io/part-of: argocd
341
  name: argocd-notifications-controller
342
roleRef:
343
  apiGroup: rbac.authorization.k8s.io
344
  kind: Role
345
  name: argocd-notifications-controller
346
subjects:
347
- kind: ServiceAccount
348
  name: argocd-notifications-controller
349
---
350
apiVersion: rbac.authorization.k8s.io/v1
351
kind: RoleBinding
352
metadata:
353
  labels:
354
    app.kubernetes.io/component: server
355
    app.kubernetes.io/name: argocd-server
356
    app.kubernetes.io/part-of: argocd
357
  name: argocd-server
358
roleRef:
359
  apiGroup: rbac.authorization.k8s.io
360
  kind: Role
361
  name: argocd-server
362
subjects:
363
- kind: ServiceAccount
364
  name: argocd-server
365
---
366
apiVersion: v1
367
kind: ConfigMap
368
metadata:
369
  labels:
370
    app.kubernetes.io/name: argocd-cm
371
    app.kubernetes.io/part-of: argocd
372
  name: argocd-cm
373
---
374
apiVersion: v1
375
kind: ConfigMap
376
metadata:
377
  labels:
378
    app.kubernetes.io/name: argocd-cmd-params-cm
379
    app.kubernetes.io/part-of: argocd
380
  name: argocd-cmd-params-cm
381
---
382
apiVersion: v1
383
kind: ConfigMap
384
metadata:
385
  labels:
386
    app.kubernetes.io/name: argocd-gpg-keys-cm
387
    app.kubernetes.io/part-of: argocd
388
  name: argocd-gpg-keys-cm
389
---
390
apiVersion: v1
391
kind: ConfigMap
392
metadata:
393
  labels:
394
    app.kubernetes.io/component: notifications-controller
395
    app.kubernetes.io/name: argocd-notifications-controller
396
    app.kubernetes.io/part-of: argocd
397
  name: argocd-notifications-cm
398
---
399
apiVersion: v1
400
kind: ConfigMap
401
metadata:
402
  labels:
403
    app.kubernetes.io/name: argocd-rbac-cm
404
    app.kubernetes.io/part-of: argocd
405
  name: argocd-rbac-cm
406
---
407
apiVersion: v1
408
data:
409
  ssh_known_hosts: |
410
    # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
411
    [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
412
    [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
413
    [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
414
    bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
415
    bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
416
    bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
417
    github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
418
    github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
419
    github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
420
    gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
421
    gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
422
    gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
423
    ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
424
    vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
425
kind: ConfigMap
426
metadata:
427
  labels:
428
    app.kubernetes.io/name: argocd-ssh-known-hosts-cm
429
    app.kubernetes.io/part-of: argocd
430
  name: argocd-ssh-known-hosts-cm
431
---
432
apiVersion: v1
433
kind: ConfigMap
434
metadata:
435
  labels:
436
    app.kubernetes.io/name: argocd-tls-certs-cm
437
    app.kubernetes.io/part-of: argocd
438
  name: argocd-tls-certs-cm
439
---
440
apiVersion: v1
441
kind: Secret
442
metadata:
443
  labels:
444
    app.kubernetes.io/component: notifications-controller
445
    app.kubernetes.io/name: argocd-notifications-controller
446
    app.kubernetes.io/part-of: argocd
447
  name: argocd-notifications-secret
448
type: Opaque
449
---
450
apiVersion: v1
451
kind: Secret
452
metadata:
453
  labels:
454
    app.kubernetes.io/name: argocd-secret
455
    app.kubernetes.io/part-of: argocd
456
  name: argocd-secret
457
type: Opaque
458
---
459
apiVersion: v1
460
kind: Service
461
metadata:
462
  labels:
463
    app.kubernetes.io/component: applicationset-controller
464
    app.kubernetes.io/name: argocd-applicationset-controller
465
    app.kubernetes.io/part-of: argocd
466
  name: argocd-applicationset-controller
467
spec:
468
  ports:
469
  - name: webhook
470
    port: 7000
471
    protocol: TCP
472
    targetPort: webhook
473
  - name: metrics
474
    port: 8080
475
    protocol: TCP
476
    targetPort: metrics
477
  selector:
478
    app.kubernetes.io/name: argocd-applicationset-controller
479
---
480
apiVersion: v1
481
kind: Service
482
metadata:
483
  labels:
484
    app.kubernetes.io/component: dex-server
485
    app.kubernetes.io/name: argocd-dex-server
486
    app.kubernetes.io/part-of: argocd
487
  name: argocd-dex-server
488
spec:
489
  ports:
490
  - appProtocol: TCP
491
    name: http
492
    port: 5556
493
    protocol: TCP
494
    targetPort: 5556
495
  - name: grpc
496
    port: 5557
497
    protocol: TCP
498
    targetPort: 5557
499
  - name: metrics
500
    port: 5558
501
    protocol: TCP
502
    targetPort: 5558
503
  selector:
504
    app.kubernetes.io/name: argocd-dex-server
505
---
506
apiVersion: v1
507
kind: Service
508
metadata:
509
  labels:
510
    app.kubernetes.io/component: metrics
511
    app.kubernetes.io/name: argocd-metrics
512
    app.kubernetes.io/part-of: argocd
513
  name: argocd-metrics
514
spec:
515
  ports:
516
  - name: metrics
517
    port: 8082
518
    protocol: TCP
519
    targetPort: 8082
520
  selector:
521
    app.kubernetes.io/name: argocd-application-controller
522
---
523
apiVersion: v1
524
kind: Service
525
metadata:
526
  labels:
527
    app.kubernetes.io/component: notifications-controller
528
    app.kubernetes.io/name: argocd-notifications-controller-metrics
529
    app.kubernetes.io/part-of: argocd
530
  name: argocd-notifications-controller-metrics
531
spec:
532
  ports:
533
  - name: metrics
534
    port: 9001
535
    protocol: TCP
536
    targetPort: 9001
537
  selector:
538
    app.kubernetes.io/name: argocd-notifications-controller
539
---
540
apiVersion: v1
541
kind: Service
542
metadata:
543
  labels:
544
    app.kubernetes.io/component: redis
545
    app.kubernetes.io/name: argocd-redis
546
    app.kubernetes.io/part-of: argocd
547
  name: argocd-redis
548
spec:
549
  ports:
550
  - name: tcp-redis
551
    port: 6379
552
    targetPort: 6379
553
  selector:
554
    app.kubernetes.io/name: argocd-redis
555
---
556
apiVersion: v1
557
kind: Service
558
metadata:
559
  labels:
560
    app.kubernetes.io/component: repo-server
561
    app.kubernetes.io/name: argocd-repo-server
562
    app.kubernetes.io/part-of: argocd
563
  name: argocd-repo-server
564
spec:
565
  ports:
566
  - name: server
567
    port: 8081
568
    protocol: TCP
569
    targetPort: 8081
570
  - name: metrics
571
    port: 8084
572
    protocol: TCP
573
    targetPort: 8084
574
  selector:
575
    app.kubernetes.io/name: argocd-repo-server
576
---
577
apiVersion: v1
578
kind: Service
579
metadata:
580
  labels:
581
    app.kubernetes.io/component: server
582
    app.kubernetes.io/name: argocd-server
583
    app.kubernetes.io/part-of: argocd
584
  name: argocd-server
585
spec:
586
  ports:
587
  - name: http
588
    port: 80
589
    protocol: TCP
590
    targetPort: 8080
591
  - name: https
592
    port: 443
593
    protocol: TCP
594
    targetPort: 8080
595
  selector:
596
    app.kubernetes.io/name: argocd-server
597
---
598
apiVersion: v1
599
kind: Service
600
metadata:
601
  labels:
602
    app.kubernetes.io/component: server
603
    app.kubernetes.io/name: argocd-server-metrics
604
    app.kubernetes.io/part-of: argocd
605
  name: argocd-server-metrics
606
spec:
607
  ports:
608
  - name: metrics
609
    port: 8083
610
    protocol: TCP
611
    targetPort: 8083
612
  selector:
613
    app.kubernetes.io/name: argocd-server
614
---
615
apiVersion: apps/v1
616
kind: Deployment
617
metadata:
618
  labels:
619
    app.kubernetes.io/component: applicationset-controller
620
    app.kubernetes.io/name: argocd-applicationset-controller
621
    app.kubernetes.io/part-of: argocd
622
  name: argocd-applicationset-controller
623
spec:
624
  selector:
625
    matchLabels:
626
      app.kubernetes.io/name: argocd-applicationset-controller
627
  template:
628
    metadata:
629
      labels:
630
        app.kubernetes.io/name: argocd-applicationset-controller
631
    spec:
632
      containers:
633
      - args:
634
        - /usr/local/bin/argocd-applicationset-controller
635
        env:
636
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
637
          valueFrom:
638
            configMapKeyRef:
639
              key: applicationsetcontroller.global.preserved.annotations
640
              name: argocd-cmd-params-cm
641
              optional: true
642
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
643
          valueFrom:
644
            configMapKeyRef:
645
              key: applicationsetcontroller.global.preserved.labels
646
              name: argocd-cmd-params-cm
647
              optional: true
648
        - name: NAMESPACE
649
          valueFrom:
650
            fieldRef:
651
              fieldPath: metadata.namespace
652
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
653
          valueFrom:
654
            configMapKeyRef:
655
              key: applicationsetcontroller.enable.leader.election
656
              name: argocd-cmd-params-cm
657
              optional: true
658
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
659
          valueFrom:
660
            configMapKeyRef:
661
              key: repo.server
662
              name: argocd-cmd-params-cm
663
              optional: true
664
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
665
          valueFrom:
666
            configMapKeyRef:
667
              key: applicationsetcontroller.policy
668
              name: argocd-cmd-params-cm
669
              optional: true
670
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE
671
          valueFrom:
672
            configMapKeyRef:
673
              key: applicationsetcontroller.enable.policy.override
674
              name: argocd-cmd-params-cm
675
              optional: true
676
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
677
          valueFrom:
678
            configMapKeyRef:
679
              key: applicationsetcontroller.debug
680
              name: argocd-cmd-params-cm
681
              optional: true
682
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
683
          valueFrom:
684
            configMapKeyRef:
685
              key: applicationsetcontroller.log.format
686
              name: argocd-cmd-params-cm
687
              optional: true
688
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
689
          valueFrom:
690
            configMapKeyRef:
691
              key: applicationsetcontroller.log.level
692
              name: argocd-cmd-params-cm
693
              optional: true
694
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
695
          valueFrom:
696
            configMapKeyRef:
697
              key: applicationsetcontroller.dryrun
698
              name: argocd-cmd-params-cm
699
              optional: true
700
        - name: ARGOCD_GIT_MODULES_ENABLED
701
          valueFrom:
702
            configMapKeyRef:
703
              key: applicationsetcontroller.enable.git.submodule
704
              name: argocd-cmd-params-cm
705
              optional: true
706
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
707
          valueFrom:
708
            configMapKeyRef:
709
              key: applicationsetcontroller.enable.progressive.syncs
710
              name: argocd-cmd-params-cm
711
              optional: true
712
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
713
          valueFrom:
714
            configMapKeyRef:
715
              key: applicationsetcontroller.enable.new.git.file.globbing
716
              name: argocd-cmd-params-cm
717
              optional: true
718
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT
719
          valueFrom:
720
            configMapKeyRef:
721
              key: applicationsetcontroller.repo.server.plaintext
722
              name: argocd-cmd-params-cm
723
              optional: true
724
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS
725
          valueFrom:
726
            configMapKeyRef:
727
              key: applicationsetcontroller.repo.server.strict.tls
728
              name: argocd-cmd-params-cm
729
              optional: true
730
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
731
          valueFrom:
732
            configMapKeyRef:
733
              key: applicationsetcontroller.repo.server.timeout.seconds
734
              name: argocd-cmd-params-cm
735
              optional: true
736
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS
737
          valueFrom:
738
            configMapKeyRef:
739
              key: applicationsetcontroller.concurrent.reconciliations.max
740
              name: argocd-cmd-params-cm
741
              optional: true
742
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES
743
          valueFrom:
744
            configMapKeyRef:
745
              key: applicationsetcontroller.namespaces
746
              name: argocd-cmd-params-cm
747
              optional: true
748
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
749
          valueFrom:
750
            configMapKeyRef:
751
              key: applicationsetcontroller.scm.root.ca.path
752
              name: argocd-cmd-params-cm
753
              optional: true
754
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
755
          valueFrom:
756
            configMapKeyRef:
757
              key: applicationsetcontroller.allowed.scm.providers
758
              name: argocd-cmd-params-cm
759
              optional: true
760
        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
761
          valueFrom:
762
            configMapKeyRef:
763
              key: applicationsetcontroller.enable.scm.providers
764
              name: argocd-cmd-params-cm
765
              optional: true
766
        image: quay.io/argoproj/argocd:latest
767
        imagePullPolicy: Always
768
        name: argocd-applicationset-controller
769
        ports:
770
        - containerPort: 7000
771
          name: webhook
772
        - containerPort: 8080
773
          name: metrics
774
        securityContext:
775
          allowPrivilegeEscalation: false
776
          capabilities:
777
            drop:
778
            - ALL
779
          readOnlyRootFilesystem: true
780
          runAsNonRoot: true
781
          seccompProfile:
782
            type: RuntimeDefault
783
        volumeMounts:
784
        - mountPath: /app/config/ssh
785
          name: ssh-known-hosts
786
        - mountPath: /app/config/tls
787
          name: tls-certs
788
        - mountPath: /app/config/gpg/source
789
          name: gpg-keys
790
        - mountPath: /app/config/gpg/keys
791
          name: gpg-keyring
792
        - mountPath: /tmp
793
          name: tmp
794
        - mountPath: /app/config/reposerver/tls
795
          name: argocd-repo-server-tls
796
      serviceAccountName: argocd-applicationset-controller
797
      volumes:
798
      - configMap:
799
          name: argocd-ssh-known-hosts-cm
800
        name: ssh-known-hosts
801
      - configMap:
802
          name: argocd-tls-certs-cm
803
        name: tls-certs
804
      - configMap:
805
          name: argocd-gpg-keys-cm
806
        name: gpg-keys
807
      - emptyDir: {}
808
        name: gpg-keyring
809
      - emptyDir: {}
810
        name: tmp
811
      - name: argocd-repo-server-tls
812
        secret:
813
          items:
814
          - key: tls.crt
815
            path: tls.crt
816
          - key: tls.key
817
            path: tls.key
818
          - key: ca.crt
819
            path: ca.crt
820
          optional: true
821
          secretName: argocd-repo-server-tls
822
---
823
apiVersion: apps/v1
824
kind: Deployment
825
metadata:
826
  labels:
827
    app.kubernetes.io/component: dex-server
828
    app.kubernetes.io/name: argocd-dex-server
829
    app.kubernetes.io/part-of: argocd
830
  name: argocd-dex-server
831
spec:
832
  selector:
833
    matchLabels:
834
      app.kubernetes.io/name: argocd-dex-server
835
  template:
836
    metadata:
837
      labels:
838
        app.kubernetes.io/name: argocd-dex-server
839
    spec:
840
      affinity:
841
        podAntiAffinity:
842
          preferredDuringSchedulingIgnoredDuringExecution:
843
          - podAffinityTerm:
844
              labelSelector:
845
                matchLabels:
846
                  app.kubernetes.io/part-of: argocd
847
              topologyKey: kubernetes.io/hostname
848
            weight: 5
849
      containers:
850
      - command:
851
        - /shared/argocd-dex
852
        - rundex
853
        env:
854
        - name: ARGOCD_DEX_SERVER_DISABLE_TLS
855
          valueFrom:
856
            configMapKeyRef:
857
              key: dexserver.disable.tls
858
              name: argocd-cmd-params-cm
859
              optional: true
860
        image: ghcr.io/dexidp/dex:v2.38.0
861
        imagePullPolicy: Always
862
        name: dex
863
        ports:
864
        - containerPort: 5556
865
        - containerPort: 5557
866
        - containerPort: 5558
867
        securityContext:
868
          allowPrivilegeEscalation: false
869
          capabilities:
870
            drop:
871
            - ALL
872
          readOnlyRootFilesystem: true
873
          runAsNonRoot: true
874
          seccompProfile:
875
            type: RuntimeDefault
876
        volumeMounts:
877
        - mountPath: /shared
878
          name: static-files
879
        - mountPath: /tmp
880
          name: dexconfig
881
        - mountPath: /tls
882
          name: argocd-dex-server-tls
883
      initContainers:
884
      - command:
885
        - /bin/cp
886
        - -n
887
        - /usr/local/bin/argocd
888
        - /shared/argocd-dex
889
        image: quay.io/argoproj/argocd:latest
890
        imagePullPolicy: Always
891
        name: copyutil
892
        securityContext:
893
          allowPrivilegeEscalation: false
894
          capabilities:
895
            drop:
896
            - ALL
897
          readOnlyRootFilesystem: true
898
          runAsNonRoot: true
899
          seccompProfile:
900
            type: RuntimeDefault
901
        volumeMounts:
902
        - mountPath: /shared
903
          name: static-files
904
        - mountPath: /tmp
905
          name: dexconfig
906
      serviceAccountName: argocd-dex-server
907
      volumes:
908
      - emptyDir: {}
909
        name: static-files
910
      - emptyDir: {}
911
        name: dexconfig
912
      - name: argocd-dex-server-tls
913
        secret:
914
          items:
915
          - key: tls.crt
916
            path: tls.crt
917
          - key: tls.key
918
            path: tls.key
919
          - key: ca.crt
920
            path: ca.crt
921
          optional: true
922
          secretName: argocd-dex-server-tls
923
---
924
apiVersion: apps/v1
925
kind: Deployment
926
metadata:
927
  labels:
928
    app.kubernetes.io/component: notifications-controller
929
    app.kubernetes.io/name: argocd-notifications-controller
930
    app.kubernetes.io/part-of: argocd
931
  name: argocd-notifications-controller
932
spec:
933
  selector:
934
    matchLabels:
935
      app.kubernetes.io/name: argocd-notifications-controller
936
  strategy:
937
    type: Recreate
938
  template:
939
    metadata:
940
      labels:
941
        app.kubernetes.io/name: argocd-notifications-controller
942
    spec:
943
      containers:
944
      - args:
945
        - /usr/local/bin/argocd-notifications
946
        env:
947
        - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
948
          valueFrom:
949
            configMapKeyRef:
950
              key: notificationscontroller.log.format
951
              name: argocd-cmd-params-cm
952
              optional: true
953
        - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
954
          valueFrom:
955
            configMapKeyRef:
956
              key: notificationscontroller.log.level
957
              name: argocd-cmd-params-cm
958
              optional: true
959
        - name: ARGOCD_APPLICATION_NAMESPACES
960
          valueFrom:
961
            configMapKeyRef:
962
              key: application.namespaces
963
              name: argocd-cmd-params-cm
964
              optional: true
965
        - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
966
          valueFrom:
967
            configMapKeyRef:
968
              key: notificationscontroller.selfservice.enabled
969
              name: argocd-cmd-params-cm
970
              optional: true
971
        image: quay.io/argoproj/argocd:latest
972
        imagePullPolicy: Always
973
        livenessProbe:
974
          tcpSocket:
975
            port: 9001
976
        name: argocd-notifications-controller
977
        securityContext:
978
          allowPrivilegeEscalation: false
979
          capabilities:
980
            drop:
981
            - ALL
982
          readOnlyRootFilesystem: true
983
        volumeMounts:
984
        - mountPath: /app/config/tls
985
          name: tls-certs
986
        - mountPath: /app/config/reposerver/tls
987
          name: argocd-repo-server-tls
988
        workingDir: /app
989
      securityContext:
990
        runAsNonRoot: true
991
        seccompProfile:
992
          type: RuntimeDefault
993
      serviceAccountName: argocd-notifications-controller
994
      volumes:
995
      - configMap:
996
          name: argocd-tls-certs-cm
997
        name: tls-certs
998
      - name: argocd-repo-server-tls
999
        secret:
1000
          items:
1001
          - key: tls.crt
1002
            path: tls.crt
1003
          - key: tls.key
1004
            path: tls.key
1005
          - key: ca.crt
1006
            path: ca.crt
1007
          optional: true
1008
          secretName: argocd-repo-server-tls
1009
---
1010
apiVersion: apps/v1
1011
kind: Deployment
1012
metadata:
1013
  labels:
1014
    app.kubernetes.io/component: redis
1015
    app.kubernetes.io/name: argocd-redis
1016
    app.kubernetes.io/part-of: argocd
1017
  name: argocd-redis
1018
spec:
1019
  selector:
1020
    matchLabels:
1021
      app.kubernetes.io/name: argocd-redis
1022
  template:
1023
    metadata:
1024
      labels:
1025
        app.kubernetes.io/name: argocd-redis
1026
    spec:
1027
      affinity:
1028
        podAntiAffinity:
1029
          preferredDuringSchedulingIgnoredDuringExecution:
1030
          - podAffinityTerm:
1031
              labelSelector:
1032
                matchLabels:
1033
                  app.kubernetes.io/name: argocd-redis
1034
              topologyKey: kubernetes.io/hostname
1035
            weight: 100
1036
          - podAffinityTerm:
1037
              labelSelector:
1038
                matchLabels:
1039
                  app.kubernetes.io/part-of: argocd
1040
              topologyKey: kubernetes.io/hostname
1041
            weight: 5
1042
      containers:
1043
      - args:
1044
        - --save
1045
        - ""
1046
        - --appendonly
1047
        - "no"
1048
        image: redis:7.0.14-alpine
1049
        imagePullPolicy: Always
1050
        name: redis
1051
        ports:
1052
        - containerPort: 6379
1053
        securityContext:
1054
          allowPrivilegeEscalation: false
1055
          capabilities:
1056
            drop:
1057
            - ALL
1058
          readOnlyRootFilesystem: true
1059
      securityContext:
1060
        runAsNonRoot: true
1061
        runAsUser: 999
1062
        seccompProfile:
1063
          type: RuntimeDefault
1064
      serviceAccountName: argocd-redis
1065
---
1066
apiVersion: apps/v1
1067
kind: Deployment
1068
metadata:
1069
  labels:
1070
    app.kubernetes.io/component: repo-server
1071
    app.kubernetes.io/name: argocd-repo-server
1072
    app.kubernetes.io/part-of: argocd
1073
  name: argocd-repo-server
1074
spec:
1075
  selector:
1076
    matchLabels:
1077
      app.kubernetes.io/name: argocd-repo-server
1078
  template:
1079
    metadata:
1080
      labels:
1081
        app.kubernetes.io/name: argocd-repo-server
1082
    spec:
1083
      affinity:
1084
        podAntiAffinity:
1085
          preferredDuringSchedulingIgnoredDuringExecution:
1086
          - podAffinityTerm:
1087
              labelSelector:
1088
                matchLabels:
1089
                  app.kubernetes.io/name: argocd-repo-server
1090
              topologyKey: kubernetes.io/hostname
1091
            weight: 100
1092
          - podAffinityTerm:
1093
              labelSelector:
1094
                matchLabels:
1095
                  app.kubernetes.io/part-of: argocd
1096
              topologyKey: kubernetes.io/hostname
1097
            weight: 5
1098
      automountServiceAccountToken: false
1099
      containers:
1100
      - args:
1101
        - /usr/local/bin/argocd-repo-server
1102
        env:
1103
        - name: ARGOCD_RECONCILIATION_TIMEOUT
1104
          valueFrom:
1105
            configMapKeyRef:
1106
              key: timeout.reconciliation
1107
              name: argocd-cm
1108
              optional: true
1109
        - name: ARGOCD_REPO_SERVER_LOGFORMAT
1110
          valueFrom:
1111
            configMapKeyRef:
1112
              key: reposerver.log.format
1113
              name: argocd-cmd-params-cm
1114
              optional: true
1115
        - name: ARGOCD_REPO_SERVER_LOGLEVEL
1116
          valueFrom:
1117
            configMapKeyRef:
1118
              key: reposerver.log.level
1119
              name: argocd-cmd-params-cm
1120
              optional: true
1121
        - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
1122
          valueFrom:
1123
            configMapKeyRef:
1124
              key: reposerver.parallelism.limit
1125
              name: argocd-cmd-params-cm
1126
              optional: true
1127
        - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
1128
          valueFrom:
1129
            configMapKeyRef:
1130
              key: reposerver.listen.address
1131
              name: argocd-cmd-params-cm
1132
              optional: true
1133
        - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
1134
          valueFrom:
1135
            configMapKeyRef:
1136
              key: reposerver.metrics.listen.address
1137
              name: argocd-cmd-params-cm
1138
              optional: true
1139
        - name: ARGOCD_REPO_SERVER_DISABLE_TLS
1140
          valueFrom:
1141
            configMapKeyRef:
1142
              key: reposerver.disable.tls
1143
              name: argocd-cmd-params-cm
1144
              optional: true
1145
        - name: ARGOCD_TLS_MIN_VERSION
1146
          valueFrom:
1147
            configMapKeyRef:
1148
              key: reposerver.tls.minversion
1149
              name: argocd-cmd-params-cm
1150
              optional: true
1151
        - name: ARGOCD_TLS_MAX_VERSION
1152
          valueFrom:
1153
            configMapKeyRef:
1154
              key: reposerver.tls.maxversion
1155
              name: argocd-cmd-params-cm
1156
              optional: true
1157
        - name: ARGOCD_TLS_CIPHERS
1158
          valueFrom:
1159
            configMapKeyRef:
1160
              key: reposerver.tls.ciphers
1161
              name: argocd-cmd-params-cm
1162
              optional: true
1163
        - name: ARGOCD_REPO_CACHE_EXPIRATION
1164
          valueFrom:
1165
            configMapKeyRef:
1166
              key: reposerver.repo.cache.expiration
1167
              name: argocd-cmd-params-cm
1168
              optional: true
1169
        - name: REDIS_SERVER
1170
          valueFrom:
1171
            configMapKeyRef:
1172
              key: redis.server
1173
              name: argocd-cmd-params-cm
1174
              optional: true
1175
        - name: REDIS_COMPRESSION
1176
          valueFrom:
1177
            configMapKeyRef:
1178
              key: redis.compression
1179
              name: argocd-cmd-params-cm
1180
              optional: true
1181
        - name: REDISDB
1182
          valueFrom:
1183
            configMapKeyRef:
1184
              key: redis.db
1185
              name: argocd-cmd-params-cm
1186
              optional: true
1187
        - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
1188
          valueFrom:
1189
            configMapKeyRef:
1190
              key: reposerver.default.cache.expiration
1191
              name: argocd-cmd-params-cm
1192
              optional: true
1193
        - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
1194
          valueFrom:
1195
            configMapKeyRef:
1196
              key: otlp.address
1197
              name: argocd-cmd-params-cm
1198
              optional: true
1199
        - name: ARGOCD_REPO_SERVER_OTLP_INSECURE
1200
          valueFrom:
1201
            configMapKeyRef:
1202
              key: otlp.insecure
1203
              name: argocd-cmd-params-cm
1204
              optional: true
1205
        - name: ARGOCD_REPO_SERVER_OTLP_HEADERS
1206
          valueFrom:
1207
            configMapKeyRef:
1208
              key: otlp.headers
1209
              name: argocd-cmd-params-cm
1210
              optional: true
1211
        - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
1212
          valueFrom:
1213
            configMapKeyRef:
1214
              key: reposerver.max.combined.directory.manifests.size
1215
              name: argocd-cmd-params-cm
1216
              optional: true
1217
        - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
1218
          valueFrom:
1219
            configMapKeyRef:
1220
              key: reposerver.plugin.tar.exclusions
1221
              name: argocd-cmd-params-cm
1222
              optional: true
1223
        - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
1224
          valueFrom:
1225
            configMapKeyRef:
1226
              key: reposerver.allow.oob.symlinks
1227
              name: argocd-cmd-params-cm
1228
              optional: true
1229
        - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
1230
          valueFrom:
1231
            configMapKeyRef:
1232
              key: reposerver.streamed.manifest.max.tar.size
1233
              name: argocd-cmd-params-cm
1234
              optional: true
1235
        - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
1236
          valueFrom:
1237
            configMapKeyRef:
1238
              key: reposerver.streamed.manifest.max.extracted.size
1239
              name: argocd-cmd-params-cm
1240
              optional: true
1241
        - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
1242
          valueFrom:
1243
            configMapKeyRef:
1244
              key: reposerver.helm.manifest.max.extracted.size
1245
              name: argocd-cmd-params-cm
1246
              optional: true
1247
        - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
1248
          valueFrom:
1249
            configMapKeyRef:
1250
              key: reposerver.disable.helm.manifest.max.extracted.size
1251
              name: argocd-cmd-params-cm
1252
              optional: true
1253
        - name: ARGOCD_GIT_MODULES_ENABLED
1254
          valueFrom:
1255
            configMapKeyRef:
1256
              key: reposerver.enable.git.submodule
1257
              name: argocd-cmd-params-cm
1258
              optional: true
1259
        - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
1260
          valueFrom:
1261
            configMapKeyRef:
1262
              key: reposerver.git.lsremote.parallelism.limit
1263
              name: argocd-cmd-params-cm
1264
              optional: true
1265
        - name: ARGOCD_GIT_REQUEST_TIMEOUT
1266
          valueFrom:
1267
            configMapKeyRef:
1268
              key: reposerver.git.request.timeout
1269
              name: argocd-cmd-params-cm
1270
              optional: true
1271
        - name: HELM_CACHE_HOME
1272
          value: /helm-working-dir
1273
        - name: HELM_CONFIG_HOME
1274
          value: /helm-working-dir
1275
        - name: HELM_DATA_HOME
1276
          value: /helm-working-dir
1277
        image: quay.io/argoproj/argocd:latest
1278
        imagePullPolicy: Always
1279
        livenessProbe:
1280
          failureThreshold: 3
1281
          httpGet:
1282
            path: /healthz?full=true
1283
            port: 8084
1284
          initialDelaySeconds: 30
1285
          periodSeconds: 30
1286
          timeoutSeconds: 5
1287
        name: argocd-repo-server
1288
        ports:
1289
        - containerPort: 8081
1290
        - containerPort: 8084
1291
        readinessProbe:
1292
          httpGet:
1293
            path: /healthz
1294
            port: 8084
1295
          initialDelaySeconds: 5
1296
          periodSeconds: 10
1297
        securityContext:
1298
          allowPrivilegeEscalation: false
1299
          capabilities:
1300
            drop:
1301
            - ALL
1302
          readOnlyRootFilesystem: true
1303
          runAsNonRoot: true
1304
          seccompProfile:
1305
            type: RuntimeDefault
1306
        volumeMounts:
1307
        - mountPath: /app/config/ssh
1308
          name: ssh-known-hosts
1309
        - mountPath: /app/config/tls
1310
          name: tls-certs
1311
        - mountPath: /app/config/gpg/source
1312
          name: gpg-keys
1313
        - mountPath: /app/config/gpg/keys
1314
          name: gpg-keyring
1315
        - mountPath: /app/config/reposerver/tls
1316
          name: argocd-repo-server-tls
1317
        - mountPath: /tmp
1318
          name: tmp
1319
        - mountPath: /helm-working-dir
1320
          name: helm-working-dir
1321
        - mountPath: /home/argocd/cmp-server/plugins
1322
          name: plugins
1323
      initContainers:
1324
      - command:
1325
        - /bin/cp
1326
        - -n
1327
        - /usr/local/bin/argocd
1328
        - /var/run/argocd/argocd-cmp-server
1329
        image: quay.io/argoproj/argocd:latest
1330
        name: copyutil
1331
        securityContext:
1332
          allowPrivilegeEscalation: false
1333
          capabilities:
1334
            drop:
1335
            - ALL
1336
          readOnlyRootFilesystem: true
1337
          runAsNonRoot: true
1338
          seccompProfile:
1339
            type: RuntimeDefault
1340
        volumeMounts:
1341
        - mountPath: /var/run/argocd
1342
          name: var-files
1343
      serviceAccountName: argocd-repo-server
1344
      volumes:
1345
      - configMap:
1346
          name: argocd-ssh-known-hosts-cm
1347
        name: ssh-known-hosts
1348
      - configMap:
1349
          name: argocd-tls-certs-cm
1350
        name: tls-certs
1351
      - configMap:
1352
          name: argocd-gpg-keys-cm
1353
        name: gpg-keys
1354
      - emptyDir: {}
1355
        name: gpg-keyring
1356
      - emptyDir: {}
1357
        name: tmp
1358
      - emptyDir: {}
1359
        name: helm-working-dir
1360
      - name: argocd-repo-server-tls
1361
        secret:
1362
          items:
1363
          - key: tls.crt
1364
            path: tls.crt
1365
          - key: tls.key
1366
            path: tls.key
1367
          - key: ca.crt
1368
            path: ca.crt
1369
          optional: true
1370
          secretName: argocd-repo-server-tls
1371
      - emptyDir: {}
1372
        name: var-files
1373
      - emptyDir: {}
1374
        name: plugins
1375
---
1376
apiVersion: apps/v1
1377
kind: Deployment
1378
metadata:
1379
  labels:
1380
    app.kubernetes.io/component: server
1381
    app.kubernetes.io/name: argocd-server
1382
    app.kubernetes.io/part-of: argocd
1383
  name: argocd-server
1384
spec:
1385
  selector:
1386
    matchLabels:
1387
      app.kubernetes.io/name: argocd-server
1388
  template:
1389
    metadata:
1390
      labels:
1391
        app.kubernetes.io/name: argocd-server
1392
    spec:
1393
      affinity:
1394
        podAntiAffinity:
1395
          preferredDuringSchedulingIgnoredDuringExecution:
1396
          - podAffinityTerm:
1397
              labelSelector:
1398
                matchLabels:
1399
                  app.kubernetes.io/name: argocd-server
1400
              topologyKey: kubernetes.io/hostname
1401
            weight: 100
1402
          - podAffinityTerm:
1403
              labelSelector:
1404
                matchLabels:
1405
                  app.kubernetes.io/part-of: argocd
1406
              topologyKey: kubernetes.io/hostname
1407
            weight: 5
1408
      containers:
1409
      - args:
1410
        - /usr/local/bin/argocd-server
1411
        env:
1412
        - name: ARGOCD_SERVER_INSECURE
1413
          valueFrom:
1414
            configMapKeyRef:
1415
              key: server.insecure
1416
              name: argocd-cmd-params-cm
1417
              optional: true
1418
        - name: ARGOCD_SERVER_BASEHREF
1419
          valueFrom:
1420
            configMapKeyRef:
1421
              key: server.basehref
1422
              name: argocd-cmd-params-cm
1423
              optional: true
1424
        - name: ARGOCD_SERVER_ROOTPATH
1425
          valueFrom:
1426
            configMapKeyRef:
1427
              key: server.rootpath
1428
              name: argocd-cmd-params-cm
1429
              optional: true
1430
        - name: ARGOCD_SERVER_LOGFORMAT
1431
          valueFrom:
1432
            configMapKeyRef:
1433
              key: server.log.format
1434
              name: argocd-cmd-params-cm
1435
              optional: true
1436
        - name: ARGOCD_SERVER_LOG_LEVEL
1437
          valueFrom:
1438
            configMapKeyRef:
1439
              key: server.log.level
1440
              name: argocd-cmd-params-cm
1441
              optional: true
1442
        - name: ARGOCD_SERVER_REPO_SERVER
1443
          valueFrom:
1444
            configMapKeyRef:
1445
              key: repo.server
1446
              name: argocd-cmd-params-cm
1447
              optional: true
1448
        - name: ARGOCD_SERVER_DEX_SERVER
1449
          valueFrom:
1450
            configMapKeyRef:
1451
              key: server.dex.server
1452
              name: argocd-cmd-params-cm
1453
              optional: true
1454
        - name: ARGOCD_SERVER_DISABLE_AUTH
1455
          valueFrom:
1456
            configMapKeyRef:
1457
              key: server.disable.auth
1458
              name: argocd-cmd-params-cm
1459
              optional: true
1460
        - name: ARGOCD_SERVER_ENABLE_GZIP
1461
          valueFrom:
1462
            configMapKeyRef:
1463
              key: server.enable.gzip
1464
              name: argocd-cmd-params-cm
1465
              optional: true
1466
        - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
1467
          valueFrom:
1468
            configMapKeyRef:
1469
              key: server.repo.server.timeout.seconds
1470
              name: argocd-cmd-params-cm
1471
              optional: true
1472
        - name: ARGOCD_SERVER_X_FRAME_OPTIONS
1473
          valueFrom:
1474
            configMapKeyRef:
1475
              key: server.x.frame.options
1476
              name: argocd-cmd-params-cm
1477
              optional: true
1478
        - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY
1479
          valueFrom:
1480
            configMapKeyRef:
1481
              key: server.content.security.policy
1482
              name: argocd-cmd-params-cm
1483
              optional: true
1484
        - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
1485
          valueFrom:
1486
            configMapKeyRef:
1487
              key: server.repo.server.plaintext
1488
              name: argocd-cmd-params-cm
1489
              optional: true
1490
        - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
1491
          valueFrom:
1492
            configMapKeyRef:
1493
              key: server.repo.server.strict.tls
1494
              name: argocd-cmd-params-cm
1495
              optional: true
1496
        - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
1497
          valueFrom:
1498
            configMapKeyRef:
1499
              key: server.dex.server.plaintext
1500
              name: argocd-cmd-params-cm
1501
              optional: true
1502
        - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
1503
          valueFrom:
1504
            configMapKeyRef:
1505
              key: server.dex.server.strict.tls
1506
              name: argocd-cmd-params-cm
1507
              optional: true
1508
        - name: ARGOCD_TLS_MIN_VERSION
1509
          valueFrom:
1510
            configMapKeyRef:
1511
              key: server.tls.minversion
1512
              name: argocd-cmd-params-cm
1513
              optional: true
1514
        - name: ARGOCD_TLS_MAX_VERSION
1515
          valueFrom:
1516
            configMapKeyRef:
1517
              key: server.tls.maxversion
1518
              name: argocd-cmd-params-cm
1519
              optional: true
1520
        - name: ARGOCD_TLS_CIPHERS
1521
          valueFrom:
1522
            configMapKeyRef:
1523
              key: server.tls.ciphers
1524
              name: argocd-cmd-params-cm
1525
              optional: true
1526
        - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
1527
          valueFrom:
1528
            configMapKeyRef:
1529
              key: server.connection.status.cache.expiration
1530
              name: argocd-cmd-params-cm
1531
              optional: true
1532
        - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
1533
          valueFrom:
1534
            configMapKeyRef:
1535
              key: server.oidc.cache.expiration
1536
              name: argocd-cmd-params-cm
1537
              optional: true
1538
        - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION
1539
          valueFrom:
1540
            configMapKeyRef:
1541
              key: server.login.attempts.expiration
1542
              name: argocd-cmd-params-cm
1543
              optional: true
1544
        - name: ARGOCD_SERVER_STATIC_ASSETS
1545
          valueFrom:
1546
            configMapKeyRef:
1547
              key: server.staticassets
1548
              name: argocd-cmd-params-cm
1549
              optional: true
1550
        - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
1551
          valueFrom:
1552
            configMapKeyRef:
1553
              key: server.app.state.cache.expiration
1554
              name: argocd-cmd-params-cm
1555
              optional: true
1556
        - name: REDIS_SERVER
1557
          valueFrom:
1558
            configMapKeyRef:
1559
              key: redis.server
1560
              name: argocd-cmd-params-cm
1561
              optional: true
1562
        - name: REDIS_COMPRESSION
1563
          valueFrom:
1564
            configMapKeyRef:
1565
              key: redis.compression
1566
              name: argocd-cmd-params-cm
1567
              optional: true
1568
        - name: REDISDB
1569
          valueFrom:
1570
            configMapKeyRef:
1571
              key: redis.db
1572
              name: argocd-cmd-params-cm
1573
              optional: true
1574
        - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
1575
          valueFrom:
1576
            configMapKeyRef:
1577
              key: server.default.cache.expiration
1578
              name: argocd-cmd-params-cm
1579
              optional: true
1580
        - name: ARGOCD_MAX_COOKIE_NUMBER
1581
          valueFrom:
1582
            configMapKeyRef:
1583
              key: server.http.cookie.maxnumber
1584
              name: argocd-cmd-params-cm
1585
              optional: true
1586
        - name: ARGOCD_SERVER_LISTEN_ADDRESS
1587
          valueFrom:
1588
            configMapKeyRef:
1589
              key: server.listen.address
1590
              name: argocd-cmd-params-cm
1591
              optional: true
1592
        - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS
1593
          valueFrom:
1594
            configMapKeyRef:
1595
              key: server.metrics.listen.address
1596
              name: argocd-cmd-params-cm
1597
              optional: true
1598
        - name: ARGOCD_SERVER_OTLP_ADDRESS
1599
          valueFrom:
1600
            configMapKeyRef:
1601
              key: otlp.address
1602
              name: argocd-cmd-params-cm
1603
              optional: true
1604
        - name: ARGOCD_SERVER_OTLP_INSECURE
1605
          valueFrom:
1606
            configMapKeyRef:
1607
              key: otlp.insecure
1608
              name: argocd-cmd-params-cm
1609
              optional: true
1610
        - name: ARGOCD_SERVER_OTLP_HEADERS
1611
          valueFrom:
1612
            configMapKeyRef:
1613
              key: otlp.headers
1614
              name: argocd-cmd-params-cm
1615
              optional: true
1616
        - name: ARGOCD_APPLICATION_NAMESPACES
1617
          valueFrom:
1618
            configMapKeyRef:
1619
              key: application.namespaces
1620
              name: argocd-cmd-params-cm
1621
              optional: true
1622
        - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
1623
          valueFrom:
1624
            configMapKeyRef:
1625
              key: server.enable.proxy.extension
1626
              name: argocd-cmd-params-cm
1627
              optional: true
1628
        - name: ARGOCD_K8SCLIENT_RETRY_MAX
1629
          valueFrom:
1630
            configMapKeyRef:
1631
              key: server.k8sclient.retry.max
1632
              name: argocd-cmd-params-cm
1633
              optional: true
1634
        - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
1635
          valueFrom:
1636
            configMapKeyRef:
1637
              key: server.k8sclient.retry.base.backoff
1638
              name: argocd-cmd-params-cm
1639
              optional: true
1640
        - name: ARGOCD_API_CONTENT_TYPES
1641
          valueFrom:
1642
            configMapKeyRef:
1643
              key: server.api.content.types
1644
              name: argocd-cmd-params-cm
1645
              optional: true
1646
        image: quay.io/argoproj/argocd:latest
1647
        imagePullPolicy: Always
1648
        livenessProbe:
1649
          httpGet:
1650
            path: /healthz?full=true
1651
            port: 8080
1652
          initialDelaySeconds: 3
1653
          periodSeconds: 30
1654
          timeoutSeconds: 5
1655
        name: argocd-server
1656
        ports:
1657
        - containerPort: 8080
1658
        - containerPort: 8083
1659
        readinessProbe:
1660
          httpGet:
1661
            path: /healthz
1662
            port: 8080
1663
          initialDelaySeconds: 3
1664
          periodSeconds: 30
1665
        securityContext:
1666
          allowPrivilegeEscalation: false
1667
          capabilities:
1668
            drop:
1669
            - ALL
1670
          readOnlyRootFilesystem: true
1671
          runAsNonRoot: true
1672
          seccompProfile:
1673
            type: RuntimeDefault
1674
        volumeMounts:
1675
        - mountPath: /app/config/ssh
1676
          name: ssh-known-hosts
1677
        - mountPath: /app/config/tls
1678
          name: tls-certs
1679
        - mountPath: /app/config/server/tls
1680
          name: argocd-repo-server-tls
1681
        - mountPath: /app/config/dex/tls
1682
          name: argocd-dex-server-tls
1683
        - mountPath: /home/argocd
1684
          name: plugins-home
1685
        - mountPath: /tmp
1686
          name: tmp
1687
      serviceAccountName: argocd-server
1688
      volumes:
1689
      - emptyDir: {}
1690
        name: plugins-home
1691
      - emptyDir: {}
1692
        name: tmp
1693
      - configMap:
1694
          name: argocd-ssh-known-hosts-cm
1695
        name: ssh-known-hosts
1696
      - configMap:
1697
          name: argocd-tls-certs-cm
1698
        name: tls-certs
1699
      - name: argocd-repo-server-tls
1700
        secret:
1701
          items:
1702
          - key: tls.crt
1703
            path: tls.crt
1704
          - key: tls.key
1705
            path: tls.key
1706
          - key: ca.crt
1707
            path: ca.crt
1708
          optional: true
1709
          secretName: argocd-repo-server-tls
1710
      - name: argocd-dex-server-tls
1711
        secret:
1712
          items:
1713
          - key: tls.crt
1714
            path: tls.crt
1715
          - key: ca.crt
1716
            path: ca.crt
1717
          optional: true
1718
          secretName: argocd-dex-server-tls
1719
---
1720
apiVersion: apps/v1
1721
kind: StatefulSet
1722
metadata:
1723
  labels:
1724
    app.kubernetes.io/component: application-controller
1725
    app.kubernetes.io/name: argocd-application-controller
1726
    app.kubernetes.io/part-of: argocd
1727
  name: argocd-application-controller
1728
spec:
1729
  replicas: 1
1730
  selector:
1731
    matchLabels:
1732
      app.kubernetes.io/name: argocd-application-controller
1733
  serviceName: argocd-application-controller
1734
  template:
1735
    metadata:
1736
      labels:
1737
        app.kubernetes.io/name: argocd-application-controller
1738
    spec:
1739
      affinity:
1740
        podAntiAffinity:
1741
          preferredDuringSchedulingIgnoredDuringExecution:
1742
          - podAffinityTerm:
1743
              labelSelector:
1744
                matchLabels:
1745
                  app.kubernetes.io/name: argocd-application-controller
1746
              topologyKey: kubernetes.io/hostname
1747
            weight: 100
1748
          - podAffinityTerm:
1749
              labelSelector:
1750
                matchLabels:
1751
                  app.kubernetes.io/part-of: argocd
1752
              topologyKey: kubernetes.io/hostname
1753
            weight: 5
1754
      containers:
1755
      - args:
1756
        - /usr/local/bin/argocd-application-controller
1757
        env:
1758
        - name: ARGOCD_CONTROLLER_REPLICAS
1759
          value: "1"
1760
        - name: ARGOCD_RECONCILIATION_TIMEOUT
1761
          valueFrom:
1762
            configMapKeyRef:
1763
              key: timeout.reconciliation
1764
              name: argocd-cm
1765
              optional: true
1766
        - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
1767
          valueFrom:
1768
            configMapKeyRef:
1769
              key: timeout.hard.reconciliation
1770
              name: argocd-cm
1771
              optional: true
1772
        - name: ARGOCD_RECONCILIATION_JITTER
1773
          valueFrom:
1774
            configMapKeyRef:
1775
              key: timeout.reconciliation.jitter
1776
              name: argocd-cm
1777
              optional: true
1778
        - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
1779
          valueFrom:
1780
            configMapKeyRef:
1781
              key: controller.repo.error.grace.period.seconds
1782
              name: argocd-cmd-params-cm
1783
              optional: true
1784
        - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
1785
          valueFrom:
1786
            configMapKeyRef:
1787
              key: repo.server
1788
              name: argocd-cmd-params-cm
1789
              optional: true
1790
        - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
1791
          valueFrom:
1792
            configMapKeyRef:
1793
              key: controller.repo.server.timeout.seconds
1794
              name: argocd-cmd-params-cm
1795
              optional: true
1796
        - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
1797
          valueFrom:
1798
            configMapKeyRef:
1799
              key: controller.status.processors
1800
              name: argocd-cmd-params-cm
1801
              optional: true
1802
        - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
1803
          valueFrom:
1804
            configMapKeyRef:
1805
              key: controller.operation.processors
1806
              name: argocd-cmd-params-cm
1807
              optional: true
1808
        - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
1809
          valueFrom:
1810
            configMapKeyRef:
1811
              key: controller.log.format
1812
              name: argocd-cmd-params-cm
1813
              optional: true
1814
        - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
1815
          valueFrom:
1816
            configMapKeyRef:
1817
              key: controller.log.level
1818
              name: argocd-cmd-params-cm
1819
              optional: true
1820
        - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
1821
          valueFrom:
1822
            configMapKeyRef:
1823
              key: controller.metrics.cache.expiration
1824
              name: argocd-cmd-params-cm
1825
              optional: true
1826
        - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
1827
          valueFrom:
1828
            configMapKeyRef:
1829
              key: controller.self.heal.timeout.seconds
1830
              name: argocd-cmd-params-cm
1831
              optional: true
1832
        - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
1833
          valueFrom:
1834
            configMapKeyRef:
1835
              key: controller.repo.server.plaintext
1836
              name: argocd-cmd-params-cm
1837
              optional: true
1838
        - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
1839
          valueFrom:
1840
            configMapKeyRef:
1841
              key: controller.repo.server.strict.tls
1842
              name: argocd-cmd-params-cm
1843
              optional: true
1844
        - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
1845
          valueFrom:
1846
            configMapKeyRef:
1847
              key: controller.resource.health.persist
1848
              name: argocd-cmd-params-cm
1849
              optional: true
1850
        - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
1851
          valueFrom:
1852
            configMapKeyRef:
1853
              key: controller.app.state.cache.expiration
1854
              name: argocd-cmd-params-cm
1855
              optional: true
1856
        - name: REDIS_SERVER
1857
          valueFrom:
1858
            configMapKeyRef:
1859
              key: redis.server
1860
              name: argocd-cmd-params-cm
1861
              optional: true
1862
        - name: REDIS_COMPRESSION
1863
          valueFrom:
1864
            configMapKeyRef:
1865
              key: redis.compression
1866
              name: argocd-cmd-params-cm
1867
              optional: true
1868
        - name: REDISDB
1869
          valueFrom:
1870
            configMapKeyRef:
1871
              key: redis.db
1872
              name: argocd-cmd-params-cm
1873
              optional: true
1874
        - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
1875
          valueFrom:
1876
            configMapKeyRef:
1877
              key: controller.default.cache.expiration
1878
              name: argocd-cmd-params-cm
1879
              optional: true
1880
        - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
1881
          valueFrom:
1882
            configMapKeyRef:
1883
              key: otlp.address
1884
              name: argocd-cmd-params-cm
1885
              optional: true
1886
        - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
1887
          valueFrom:
1888
            configMapKeyRef:
1889
              key: otlp.insecure
1890
              name: argocd-cmd-params-cm
1891
              optional: true
1892
        - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
1893
          valueFrom:
1894
            configMapKeyRef:
1895
              key: otlp.headers
1896
              name: argocd-cmd-params-cm
1897
              optional: true
1898
        - name: ARGOCD_APPLICATION_NAMESPACES
1899
          valueFrom:
1900
            configMapKeyRef:
1901
              key: application.namespaces
1902
              name: argocd-cmd-params-cm
1903
              optional: true
1904
        - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
1905
          valueFrom:
1906
            configMapKeyRef:
1907
              key: controller.sharding.algorithm
1908
              name: argocd-cmd-params-cm
1909
              optional: true
1910
        - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
1911
          valueFrom:
1912
            configMapKeyRef:
1913
              key: controller.kubectl.parallelism.limit
1914
              name: argocd-cmd-params-cm
1915
              optional: true
1916
        - name: ARGOCD_K8SCLIENT_RETRY_MAX
1917
          valueFrom:
1918
            configMapKeyRef:
1919
              key: controller.k8sclient.retry.max
1920
              name: argocd-cmd-params-cm
1921
              optional: true
1922
        - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
1923
          valueFrom:
1924
            configMapKeyRef:
1925
              key: controller.k8sclient.retry.base.backoff
1926
              name: argocd-cmd-params-cm
1927
              optional: true
1928
        - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
1929
          valueFrom:
1930
            configMapKeyRef:
1931
              key: controller.diff.server.side
1932
              name: argocd-cmd-params-cm
1933
              optional: true
1934
        image: quay.io/argoproj/argocd:latest
1935
        imagePullPolicy: Always
1936
        name: argocd-application-controller
1937
        ports:
1938
        - containerPort: 8082
1939
        readinessProbe:
1940
          httpGet:
1941
            path: /healthz
1942
            port: 8082
1943
          initialDelaySeconds: 5
1944
          periodSeconds: 10
1945
        securityContext:
1946
          allowPrivilegeEscalation: false
1947
          capabilities:
1948
            drop:
1949
            - ALL
1950
          readOnlyRootFilesystem: true
1951
          runAsNonRoot: true
1952
          seccompProfile:
1953
            type: RuntimeDefault
1954
        volumeMounts:
1955
        - mountPath: /app/config/controller/tls
1956
          name: argocd-repo-server-tls
1957
        - mountPath: /home/argocd
1958
          name: argocd-home
1959
        workingDir: /home/argocd
1960
      serviceAccountName: argocd-application-controller
1961
      volumes:
1962
      - emptyDir: {}
1963
        name: argocd-home
1964
      - name: argocd-repo-server-tls
1965
        secret:
1966
          items:
1967
          - key: tls.crt
1968
            path: tls.crt
1969
          - key: tls.key
1970
            path: tls.key
1971
          - key: ca.crt
1972
            path: ca.crt
1973
          optional: true
1974
          secretName: argocd-repo-server-tls
1975
---
1976
apiVersion: networking.k8s.io/v1
1977
kind: NetworkPolicy
1978
metadata:
1979
  name: argocd-application-controller-network-policy
1980
spec:
1981
  ingress:
1982
  - from:
1983
    - namespaceSelector: {}
1984
    ports:
1985
    - port: 8082
1986
  podSelector:
1987
    matchLabels:
1988
      app.kubernetes.io/name: argocd-application-controller
1989
  policyTypes:
1990
  - Ingress
1991
---
1992
apiVersion: networking.k8s.io/v1
1993
kind: NetworkPolicy
1994
metadata:
1995
  name: argocd-applicationset-controller-network-policy
1996
spec:
1997
  ingress:
1998
  - from:
1999
    - namespaceSelector: {}
2000
    ports:
2001
    - port: 7000
2002
      protocol: TCP
2003
    - port: 8080
2004
      protocol: TCP
2005
  podSelector:
2006
    matchLabels:
2007
      app.kubernetes.io/name: argocd-applicationset-controller
2008
  policyTypes:
2009
  - Ingress
2010
---
2011
apiVersion: networking.k8s.io/v1
2012
kind: NetworkPolicy
2013
metadata:
2014
  name: argocd-dex-server-network-policy
2015
spec:
2016
  ingress:
2017
  - from:
2018
    - podSelector:
2019
        matchLabels:
2020
          app.kubernetes.io/name: argocd-server
2021
    ports:
2022
    - port: 5556
2023
      protocol: TCP
2024
    - port: 5557
2025
      protocol: TCP
2026
  - from:
2027
    - namespaceSelector: {}
2028
    ports:
2029
    - port: 5558
2030
      protocol: TCP
2031
  podSelector:
2032
    matchLabels:
2033
      app.kubernetes.io/name: argocd-dex-server
2034
  policyTypes:
2035
  - Ingress
2036
---
2037
apiVersion: networking.k8s.io/v1
2038
kind: NetworkPolicy
2039
metadata:
2040
  labels:
2041
    app.kubernetes.io/component: notifications-controller
2042
    app.kubernetes.io/name: argocd-notifications-controller
2043
    app.kubernetes.io/part-of: argocd
2044
  name: argocd-notifications-controller-network-policy
2045
spec:
2046
  ingress:
2047
  - from:
2048
    - namespaceSelector: {}
2049
    ports:
2050
    - port: 9001
2051
      protocol: TCP
2052
  podSelector:
2053
    matchLabels:
2054
      app.kubernetes.io/name: argocd-notifications-controller
2055
  policyTypes:
2056
  - Ingress
2057
---
2058
apiVersion: networking.k8s.io/v1
2059
kind: NetworkPolicy
2060
metadata:
2061
  name: argocd-redis-network-policy
2062
spec:
2063
  egress:
2064
  - ports:
2065
    - port: 53
2066
      protocol: UDP
2067
    - port: 53
2068
      protocol: TCP
2069
  ingress:
2070
  - from:
2071
    - podSelector:
2072
        matchLabels:
2073
          app.kubernetes.io/name: argocd-server
2074
    - podSelector:
2075
        matchLabels:
2076
          app.kubernetes.io/name: argocd-repo-server
2077
    - podSelector:
2078
        matchLabels:
2079
          app.kubernetes.io/name: argocd-application-controller
2080
    ports:
2081
    - port: 6379
2082
      protocol: TCP
2083
  podSelector:
2084
    matchLabels:
2085
      app.kubernetes.io/name: argocd-redis
2086
  policyTypes:
2087
  - Ingress
2088
  - Egress
2089
---
2090
apiVersion: networking.k8s.io/v1
2091
kind: NetworkPolicy
2092
metadata:
2093
  name: argocd-repo-server-network-policy
2094
spec:
2095
  ingress:
2096
  - from:
2097
    - podSelector:
2098
        matchLabels:
2099
          app.kubernetes.io/name: argocd-server
2100
    - podSelector:
2101
        matchLabels:
2102
          app.kubernetes.io/name: argocd-application-controller
2103
    - podSelector:
2104
        matchLabels:
2105
          app.kubernetes.io/name: argocd-notifications-controller
2106
    - podSelector:
2107
        matchLabels:
2108
          app.kubernetes.io/name: argocd-applicationset-controller
2109
    ports:
2110
    - port: 8081
2111
      protocol: TCP
2112
  - from:
2113
    - namespaceSelector: {}
2114
    ports:
2115
    - port: 8084
2116
  podSelector:
2117
    matchLabels:
2118
      app.kubernetes.io/name: argocd-repo-server
2119
  policyTypes:
2120
  - Ingress
2121
---
2122
apiVersion: networking.k8s.io/v1
2123
kind: NetworkPolicy
2124
metadata:
2125
  name: argocd-server-network-policy
2126
spec:
2127
  ingress:
2128
  - {}
2129
  podSelector:
2130
    matchLabels:
2131
      app.kubernetes.io/name: argocd-server
2132
  policyTypes:
2133
  - Ingress
2134