chemavx/k8s-manifests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: export all K8 Plus cluster manifests

Browse Source 
Namespaces: argocd, authentik, backup-system, cloudflare-ddns,
gitea, homarr, monitoring, n8n, openclaw, polymarket-bot, vaultwarden
Cluster-wide: clusterissuers, namespaces
Secrets: redacted (structure only, data=REDACTED)
This commit is contained in:
chemavx
2026-04-10 08:57:02 +00:00
commit ff2e6cc985
163 changed files with 10979 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
argocd/configmap-argocd-cm.yaml
+53
View File
@@ -0,0 +1,53 @@
apiVersion: v1
data:
resource.customizations.ignoreResourceUpdates.ConfigMap: "jqPathExpressions:\n \
\ # Ignore the cluster-autoscaler status\n - '.metadata.annotations.\"cluster-autoscaler.kubernetes.io/last-updated\"\
'\n # Ignore the annotation of the legacy Leases election\n - '.metadata.annotations.\"\
control-plane.alpha.kubernetes.io/leader\"'\n"
resource.customizations.ignoreResourceUpdates.Endpoints: "jsonPointers:\n - /metadata\n\
\ - /subsets\n"
resource.customizations.ignoreResourceUpdates.all: "jsonPointers:\n - /status\n"
resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: "jqPathExpressions:\n\
\ - '.metadata.annotations.\"deployment.kubernetes.io/desired-replicas\"'\n \
\ - '.metadata.annotations.\"deployment.kubernetes.io/max-replicas\"'\n - '.metadata.annotations.\"\
rollout.argoproj.io/desired-replicas\"'\n"
resource.customizations.ignoreResourceUpdates.argoproj.io_Application: "jqPathExpressions:\n\
\ - '.metadata.annotations.\"notified.notifications.argoproj.io\"'\n - '.metadata.annotations.\"\
argocd.argoproj.io/refresh\"'\n - '.metadata.annotations.\"argocd.argoproj.io/hydrate\"\
'\n - '.operation'\n"
resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: "jqPathExpressions:\n\
\ - '.metadata.annotations.\"notified.notifications.argoproj.io\"'\n"
resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: "jqPathExpressions:\n\
\ - '.metadata.annotations.\"autoscaling.alpha.kubernetes.io/behavior\"'\n -\
\ '.metadata.annotations.\"autoscaling.alpha.kubernetes.io/conditions\"'\n -\
\ '.metadata.annotations.\"autoscaling.alpha.kubernetes.io/metrics\"'\n - '.metadata.annotations.\"\
autoscaling.alpha.kubernetes.io/current-metrics\"'\n"
resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: "jsonPointers:\n\
\ - /metadata\n - /endpoints\n - /ports\n"
resource.exclusions: "### Network resources created by the Kubernetes control plane\
\ and excluded to reduce the number of watched events and UI clutter\n- apiGroups:\n\
\ - ''\n - discovery.k8s.io\n kinds:\n - Endpoints\n - EndpointSlice\n###\
\ Internal Kubernetes resources excluded reduce the number of watched events\n\
- apiGroups:\n - coordination.k8s.io\n kinds:\n - Lease\n### Internal Kubernetes\
\ Authz/Authn resources excluded reduce the number of watched events\n- apiGroups:\n\
\ - authentication.k8s.io\n - authorization.k8s.io\n kinds:\n - SelfSubjectReview\n\
\ - TokenReview\n - LocalSubjectAccessReview\n - SelfSubjectAccessReview\n\
\ - SelfSubjectRulesReview\n - SubjectAccessReview\n### Intermediate Certificate\
\ Request excluded reduce the number of watched events\n- apiGroups:\n - certificates.k8s.io\n\
\ kinds:\n - CertificateSigningRequest\n- apiGroups:\n - cert-manager.io\n\
\ kinds:\n - CertificateRequest\n### Cilium internal resources excluded reduce\
\ the number of watched events and UI Clutter\n- apiGroups:\n - cilium.io\n \
\ kinds:\n - CiliumIdentity\n - CiliumEndpoint\n - CiliumEndpointSlice\n###\
\ Kyverno intermediate and reporting resources excluded reduce the number of watched\
\ events and improve performance\n- apiGroups:\n - kyverno.io\n - reports.kyverno.io\n\
\ - wgpolicyk8s.io\n kinds:\n - PolicyReport\n - ClusterPolicyReport\n -\
\ EphemeralReport\n - ClusterEphemeralReport\n - AdmissionReport\n - ClusterAdmissionReport\n\
\ - BackgroundScanReport\n - ClusterBackgroundScanReport\n - UpdateRequest\n"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
namespace: argocd
argocd/configmap-argocd-cmd-params-cm.yaml
+11
View File
@@ -0,0 +1,11 @@
apiVersion: v1
data:
server.insecure: 'true'
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
name: argocd-cmd-params-cm
namespace: argocd
argocd/configmap-argocd-gpg-keys-cm.yaml
+9
View File
@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-gpg-keys-cm
app.kubernetes.io/part-of: argocd
name: argocd-gpg-keys-cm
namespace: argocd
argocd/configmap-argocd-notifications-cm.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-cm
namespace: argocd
argocd/configmap-argocd-rbac-cm.yaml
+9
View File
@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-rbac-cm
app.kubernetes.io/part-of: argocd
name: argocd-rbac-cm
namespace: argocd
argocd/configmap-argocd-ssh-known-hosts-cm.yaml
+42
View File
@@ -0,0 +1,42 @@
apiVersion: v1
data:
ssh_known_hosts: '# This file was automatically generated by hack/update-ssh-known-hosts.sh.
DO NOT EDIT
[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
'
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-ssh-known-hosts-cm
app.kubernetes.io/part-of: argocd
name: argocd-ssh-known-hosts-cm
namespace: argocd
argocd/configmap-argocd-tls-certs-cm.yaml
+9
View File
@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-tls-certs-cm
app.kubernetes.io/part-of: argocd
name: argocd-tls-certs-cm
namespace: argocd
argocd/deployment-argocd-applicationset-controller.yaml
+288
View File
File diff suppressed because one or more lines are too long
argocd/deployment-argocd-dex-server.yaml
+151
View File
@@ -0,0 +1,151 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: '1'
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"dex-server","app.kubernetes.io/name":"argocd-dex-server","app.kubernetes.io/part-of":"argocd"},"name":"argocd-dex-server","namespace":"argocd"},"spec":{"selector":{"matchLabels":{"app.kubernetes.io/name":"argocd-dex-server"}},"template":{"metadata":{"labels":{"app.kubernetes.io/name":"argocd-dex-server"}},"spec":{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/part-of":"argocd"}},"topologyKey":"kubernetes.io/hostname"},"weight":5}]}},"containers":[{"command":["/shared/argocd-dex","rundex"],"env":[{"name":"ARGOCD_DEX_SERVER_LOGFORMAT","valueFrom":{"configMapKeyRef":{"key":"dexserver.log.format","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_DEX_SERVER_LOGLEVEL","valueFrom":{"configMapKeyRef":{"key":"dexserver.log.level","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_LOG_FORMAT_TIMESTAMP","valueFrom":{"configMapKeyRef":{"key":"log.format.timestamp","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_DEX_SERVER_DISABLE_TLS","valueFrom":{"configMapKeyRef":{"key":"dexserver.disable.tls","name":"argocd-cmd-params-cm","optional":true}}}],"image":"ghcr.io/dexidp/dex:v2.43.0","imagePullPolicy":"Always","name":"dex","ports":[{"containerPort":5556},{"containerPort":5557},{"containerPort":5558}],"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}},"volumeMounts":[{"mountPath":"/shared","name":"static-files"},{"mountPath":"/tmp","name":"dexconfig"},{"mountPath":"/tls","name":"argocd-dex-server-tls"}]}],"initContainers":[{"command":["/bin/cp","-n","/usr/local/bin/argocd","/shared/argocd-dex"],"image":"quay.io/argoproj/argocd:v3.3.6","imagePullPolicy":"Always","name":"copyutil","securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}},"volumeMounts":[{"mountPath":"/shared","name":"static-files"},{"mountPath":"/tmp","name":"dexconfig"}]}],"nodeSelector":{"kubernetes.io/os":"linux"},"serviceAccountName":"argocd-dex-server","volumes":[{"emptyDir":{},"name":"static-files"},{"emptyDir":{},"name":"dexconfig"},{"name":"argocd-dex-server-tls","secret":{"items":[{"key":"tls.crt","path":"tls.crt"},{"key":"tls.key","path":"tls.key"},{"key":"ca.crt","path":"ca.crt"}],"optional":true,"secretName":"argocd-dex-server-tls"}}]}}}}
'
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
namespace: argocd
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: argocd-dex-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- command:
- /shared/argocd-dex
- rundex
env:
- name: ARGOCD_DEX_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: dexserver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEX_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: dexserver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: dexserver.disable.tls
name: argocd-cmd-params-cm
optional: true
image: ghcr.io/dexidp/dex:v2.43.0
imagePullPolicy: Always
name: dex
ports:
- containerPort: 5556
protocol: TCP
- containerPort: 5557
protocol: TCP
- containerPort: 5558
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
- mountPath: /tls
name: argocd-dex-server-tls
dnsPolicy: ClusterFirst
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v3.3.6
imagePullPolicy: Always
name: copyutil
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: argocd-dex-server
serviceAccountName: argocd-dex-server
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: static-files
- emptyDir: {}
name: dexconfig
- name: argocd-dex-server-tls
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-dex-server-tls
argocd/deployment-argocd-notifications-controller.yaml
+123
View File
@@ -0,0 +1,123 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: '1'
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"notifications-controller","app.kubernetes.io/name":"argocd-notifications-controller","app.kubernetes.io/part-of":"argocd"},"name":"argocd-notifications-controller","namespace":"argocd"},"spec":{"selector":{"matchLabels":{"app.kubernetes.io/name":"argocd-notifications-controller"}},"strategy":{"type":"Recreate"},"template":{"metadata":{"labels":{"app.kubernetes.io/name":"argocd-notifications-controller"}},"spec":{"containers":[{"args":["/usr/local/bin/argocd-notifications"],"env":[{"name":"ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT","valueFrom":{"configMapKeyRef":{"key":"notificationscontroller.log.format","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL","valueFrom":{"configMapKeyRef":{"key":"notificationscontroller.log.level","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_LOG_FORMAT_TIMESTAMP","valueFrom":{"configMapKeyRef":{"key":"log.format.timestamp","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_APPLICATION_NAMESPACES","valueFrom":{"configMapKeyRef":{"key":"application.namespaces","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED","valueFrom":{"configMapKeyRef":{"key":"notificationscontroller.selfservice.enabled","name":"argocd-cmd-params-cm","optional":true}}},{"name":"ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT","valueFrom":{"configMapKeyRef":{"key":"notificationscontroller.repo.server.plaintext","name":"argocd-cmd-params-cm","optional":true}}}],"image":"quay.io/argoproj/argocd:v3.3.6","imagePullPolicy":"Always","livenessProbe":{"tcpSocket":{"port":9001}},"name":"argocd-notifications-controller","securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true},"volumeMounts":[{"mountPath":"/app/config/tls","name":"tls-certs"},{"mountPath":"/app/config/reposerver/tls","name":"argocd-repo-server-tls"}],"workingDir":"/app"}],"nodeSelector":{"kubernetes.io/os":"linux"},"securityContext":{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAccountName":"argocd-notifications-controller","volumes":[{"configMap":{"name":"argocd-tls-certs-cm"},"name":"tls-certs"},{"name":"argocd-repo-server-tls","secret":{"items":[{"key":"tls.crt","path":"tls.crt"},{"key":"tls.key","path":"tls.key"},{"key":"ca.crt","path":"ca.crt"}],"optional":true,"secretName":"argocd-repo-server-tls"}}]}}}}
'
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller
namespace: argocd
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: argocd-notifications-controller
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: argocd-notifications-controller
spec:
containers:
- args:
- /usr/local/bin/argocd-notifications
env:
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: notificationscontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: notificationscontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
valueFrom:
configMapKeyRef:
key: notificationscontroller.selfservice.enabled
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v3.3.6
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 9001
timeoutSeconds: 1
name: argocd-notifications-controller
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
workingDir: /app
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccount: argocd-notifications-controller
serviceAccountName: argocd-notifications-controller
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
name: argocd-tls-certs-cm
name: tls-certs
- name: argocd-repo-server-tls
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
argocd/deployment-argocd-redis.yaml
+109
View File
@@ -0,0 +1,109 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: '1'
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"redis","app.kubernetes.io/name":"argocd-redis","app.kubernetes.io/part-of":"argocd"},"name":"argocd-redis","namespace":"argocd"},"spec":{"selector":{"matchLabels":{"app.kubernetes.io/name":"argocd-redis"}},"template":{"metadata":{"labels":{"app.kubernetes.io/name":"argocd-redis"}},"spec":{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"argocd-redis"}},"topologyKey":"kubernetes.io/hostname"},"weight":100},{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/part-of":"argocd"}},"topologyKey":"kubernetes.io/hostname"},"weight":5}]}},"containers":[{"args":["--save","","--appendonly","no","--requirepass
$(REDIS_PASSWORD)"],"env":[{"name":"REDIS_PASSWORD","valueFrom":{"secretKeyRef":{"key":"auth","name":"argocd-redis"}}}],"image":"public.ecr.aws/docker/library/redis:8.2.3-alpine","imagePullPolicy":"Always","name":"redis","ports":[{"containerPort":6379}],"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}}],"initContainers":[{"command":["argocd","admin","redis-initial-password"],"image":"quay.io/argoproj/argocd:v3.3.6","imagePullPolicy":"IfNotPresent","name":"secret-init","securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}}],"nodeSelector":{"kubernetes.io/os":"linux"},"securityContext":{"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAccountName":"argocd-redis"}}}}
'
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
namespace: argocd
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: argocd-redis
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: argocd-redis
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- args:
- --save
- ''
- --appendonly
- 'no'
- --requirepass $(REDIS_PASSWORD)
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: auth
name: argocd-redis
image: public.ecr.aws/docker/library/redis:8.2.3-alpine
imagePullPolicy: Always
name: redis
ports:
- containerPort: 6379
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
initContainers:
- command:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:v3.3.6
imagePullPolicy: IfNotPresent
name: secret-init
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
runAsUser: 999
seccompProfile:
type: RuntimeDefault
serviceAccount: argocd-redis
serviceAccountName: argocd-redis
terminationGracePeriodSeconds: 30
argocd/deployment-argocd-repo-server.yaml
+419
View File
File diff suppressed because one or more lines are too long
argocd/deployment-argocd-server.yaml
+447
View File
File diff suppressed because one or more lines are too long
argocd/ingress-argocd-server.yaml
+29
View File
@@ -0,0 +1,29 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"cert-manager.io/cluster-issuer":"letsencrypt-prod","traefik.ingress.kubernetes.io/router.entrypoints":"websecure"},"name":"argocd-server","namespace":"argocd"},"spec":{"ingressClassName":"traefik","rules":[{"host":"argocd.chemavx.xyz","http":{"paths":[{"backend":{"service":{"name":"argocd-server","port":{"number":80}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["argocd.chemavx.xyz"],"secretName":"argocd-tls"}]}}
'
traefik.ingress.kubernetes.io/router.entrypoints: websecure
name: argocd-server
namespace: argocd
spec:
ingressClassName: traefik
rules:
- host: argocd.chemavx.xyz
http:
paths:
- backend:
service:
name: argocd-server
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- argocd.chemavx.xyz
secretName: argocd-tls
argocd/secret-argocd-notifications-secret.yaml
+16
View File
@@ -0,0 +1,16 @@
apiVersion: v1
data: {}
kind: Secret
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"notifications-controller","app.kubernetes.io/name":"argocd-notifications-controller","app.kubernetes.io/part-of":"argocd"},"name":"argocd-notifications-secret","namespace":"argocd"},"type":"Opaque"}
'
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-secret
namespace: argocd
type: Opaque
argocd/secret-argocd-redis.yaml
+9
View File
@@ -0,0 +1,9 @@
apiVersion: v1
data:
auth: REDACTED
kind: Secret
metadata:
name: argocd-redis
namespace: argocd
type: Opaque
argocd/secret-argocd-secret.yaml
+20
View File
@@ -0,0 +1,20 @@
apiVersion: v1
data:
admin.password: REDACTED
admin.passwordMtime: REDACTED
server.secretkey: REDACTED
tls.crt: REDACTED
tls.key: REDACTED
kind: Secret
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"argocd-secret","app.kubernetes.io/part-of":"argocd"},"name":"argocd-secret","namespace":"argocd"},"type":"Opaque"}
'
labels:
app.kubernetes.io/name: argocd-secret
app.kubernetes.io/part-of: argocd
name: argocd-secret
namespace: argocd
type: Opaque
argocd/secret-argocd-tls.yaml
+21
View File
@@ -0,0 +1,21 @@
apiVersion: v1
data:
tls.crt: REDACTED
tls.key: REDACTED
kind: Secret
metadata:
annotations:
cert-manager.io/alt-names: argocd.chemavx.xyz
cert-manager.io/certificate-name: argocd-tls
cert-manager.io/common-name: argocd.chemavx.xyz
cert-manager.io/ip-sans: ''
cert-manager.io/issuer-group: cert-manager.io
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-prod
cert-manager.io/uri-sans: ''
labels:
controller.cert-manager.io/fao: 'true'
name: argocd-tls
namespace: argocd
type: kubernetes.io/tls
argocd/secret-gitea-k8s-manifests.yaml
+19
View File
@@ -0,0 +1,19 @@
apiVersion: v1
data:
insecure: REDACTED
password: REDACTED
type: REDACTED
url: REDACTED
username: REDACTED
kind: Secret
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/secret-type":"repository"},"name":"gitea-k8s-manifests","namespace":"argocd"},"stringData":{"insecure":"true","password":"GitAdmin2026x","type":"git","url":"https://git.chemavx.xyz/chemavx/k8s-manifests","username":"chemavx"},"type":"Opaque"}
'
labels:
argocd.argoproj.io/secret-type: repository
name: gitea-k8s-manifests
namespace: argocd
type: Opaque
argocd/service-argocd-applicationset-controller.yaml
+31
View File
@@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller
namespace: argocd
spec:
clusterIP: 10.43.111.150
clusterIPs:
- 10.43.111.150
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: webhook
port: 7000
protocol: TCP
targetPort: webhook
- name: metrics
port: 8080
protocol: TCP
targetPort: metrics
selector:
app.kubernetes.io/name: argocd-applicationset-controller
sessionAffinity: None
type: ClusterIP
argocd/service-argocd-dex-server.yaml
+36
View File
@@ -0,0 +1,36 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
namespace: argocd
spec:
clusterIP: 10.43.125.110
clusterIPs:
- 10.43.125.110
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: TCP
name: http
port: 5556
protocol: TCP
targetPort: 5556
- name: grpc
port: 5557
protocol: TCP
targetPort: 5557
- name: metrics
port: 5558
protocol: TCP
targetPort: 5558
selector:
app.kubernetes.io/name: argocd-dex-server
sessionAffinity: None
type: ClusterIP
argocd/service-argocd-metrics.yaml
+27
View File
@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/name: argocd-metrics
app.kubernetes.io/part-of: argocd
name: argocd-metrics
namespace: argocd
spec:
clusterIP: 10.43.114.194
clusterIPs:
- 10.43.114.194
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: metrics
port: 8082
protocol: TCP
targetPort: 8082
selector:
app.kubernetes.io/name: argocd-application-controller
sessionAffinity: None
type: ClusterIP
argocd/service-argocd-notifications-controller-metrics.yaml
+27
View File
@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller-metrics
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller-metrics
namespace: argocd
spec:
clusterIP: 10.43.30.178
clusterIPs:
- 10.43.30.178
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: metrics
port: 9001
protocol: TCP
targetPort: 9001
selector:
app.kubernetes.io/name: argocd-notifications-controller
sessionAffinity: None
type: ClusterIP
argocd/service-argocd-redis.yaml
+27
View File
@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
namespace: argocd
spec:
clusterIP: 10.43.63.154
clusterIPs:
- 10.43.63.154
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: tcp-redis
port: 6379
protocol: TCP
targetPort: 6379
selector:
app.kubernetes.io/name: argocd-redis
sessionAffinity: None
type: ClusterIP
argocd/service-argocd-repo-server.yaml
+31
View File
@@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
namespace: argocd
spec:
clusterIP: 10.43.103.206
clusterIPs:
- 10.43.103.206
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: server
port: 8081
protocol: TCP
targetPort: 8081
- name: metrics
port: 8084
protocol: TCP
targetPort: 8084
selector:
app.kubernetes.io/name: argocd-repo-server
sessionAffinity: None
type: ClusterIP
argocd/service-argocd-server-metrics.yaml
+27
View File
@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server-metrics
app.kubernetes.io/part-of: argocd
name: argocd-server-metrics
namespace: argocd
spec:
clusterIP: 10.43.162.46
clusterIPs:
- 10.43.162.46
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: metrics
port: 8083
protocol: TCP
targetPort: 8083
selector:
app.kubernetes.io/name: argocd-server
sessionAffinity: None
type: ClusterIP
argocd/service-argocd-server.yaml
+31
View File
@@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
namespace: argocd
spec:
clusterIP: 10.43.16.182
clusterIPs:
- 10.43.16.182
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/name: argocd-server
sessionAffinity: None
type: ClusterIP
argocd/serviceaccount-argocd-application-controller.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
namespace: argocd
argocd/serviceaccount-argocd-applicationset-controller.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller
namespace: argocd
argocd/serviceaccount-argocd-dex-server.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
namespace: argocd
argocd/serviceaccount-argocd-notifications-controller.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller
namespace: argocd
argocd/serviceaccount-argocd-redis.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
namespace: argocd
argocd/serviceaccount-argocd-repo-server.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
namespace: argocd
argocd/serviceaccount-argocd-server.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
namespace: argocd
argocd/statefulset-argocd-application-controller.yaml
+382
View File
@@ -0,0 +1,382 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
namespace: argocd
spec:
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
podManagementPolicy: OrderedReady
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
serviceName: argocd-application-controller
template:
metadata:
labels:
app.kubernetes.io/name: argocd-application-controller
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- args:
- /usr/local/bin/argocd-application-controller
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: auth
name: argocd-redis
- name: ARGOCD_CONTROLLER_REPLICAS
value: '1'
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.hard.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_RECONCILIATION_JITTER
valueFrom:
configMapKeyRef:
key: timeout.reconciliation.jitter
name: argocd-cm
optional: true
- name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
valueFrom:
configMapKeyRef:
key: controller.repo.error.grace.period.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
key: controller.status.processors
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
valueFrom:
configMapKeyRef:
key: controller.operation.processors
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: controller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: controller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.metrics.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.factor
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.cap.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.cooldown.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SYNC_WAVE_DELAY
valueFrom:
configMapKeyRef:
key: controller.sync.wave.delay.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
valueFrom:
configMapKeyRef:
key: controller.sync.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: controller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: controller.repo.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
key: controller.resource.health.persist
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.app.state.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
key: otlp.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
key: otlp.headers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS
valueFrom:
configMapKeyRef:
key: otlp.attrs
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
valueFrom:
configMapKeyRef:
key: controller.sharding.algorithm
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: controller.kubectl.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_MAX
valueFrom:
configMapKeyRef:
key: controller.k8sclient.retry.max
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
valueFrom:
configMapKeyRef:
key: controller.k8sclient.retry.base.backoff
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
valueFrom:
configMapKeyRef:
key: controller.diff.server.side
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
valueFrom:
configMapKeyRef:
key: controller.ignore.normalizer.jq.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_HYDRATOR_ENABLED
valueFrom:
configMapKeyRef:
key: hydrator.enabled
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
valueFrom:
configMapKeyRef:
key: controller.cluster.cache.batch.events.processing
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
valueFrom:
configMapKeyRef:
key: controller.cluster.cache.events.processing.interval
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
valueFrom:
configMapKeyRef:
key: commit.server
name: argocd-cmd-params-cm
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:v3.3.6
imagePullPolicy: Always
name: argocd-application-controller
ports:
- containerPort: 8082
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8082
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
- mountPath: /home/argocd/params
name: argocd-cmd-params-cm
- mountPath: /tmp
name: argocd-application-controller-tmp
workingDir: /home/argocd
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: argocd-application-controller
serviceAccountName: argocd-application-controller
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: argocd-home
- emptyDir: {}
name: argocd-application-controller-tmp
- name: argocd-repo-server-tls
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- configMap:
defaultMode: 420
items:
- key: controller.profile.enabled
path: profiler.enabled
name: argocd-cmd-params-cm
optional: true
name: argocd-cmd-params-cm
updateStrategy:
rollingUpdate:
partition: 0
type: RollingUpdate