apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '1' labels: app.kubernetes.io/component: applicationset-controller app.kubernetes.io/name: argocd-applicationset-controller app.kubernetes.io/part-of: argocd name: argocd-applicationset-controller namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: argocd-applicationset-controller strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - args: - /usr/local/bin/argocd-applicationset-controller env: - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS valueFrom: configMapKeyRef: key: applicationsetcontroller.global.preserved.annotations name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS valueFrom: configMapKeyRef: key: applicationsetcontroller.global.preserved.labels name: argocd-cmd-params-cm optional: true - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: key: repo.server name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY valueFrom: configMapKeyRef: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.policy.override name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: key: applicationsetcontroller.debug name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT valueFrom: configMapKeyRef: key: applicationsetcontroller.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL valueFrom: configMapKeyRef: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_LOG_FORMAT_TIMESTAMP valueFrom: configMapKeyRef: key: log.format.timestamp name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: key: applicationsetcontroller.dryrun name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.git.submodule name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.tokenref.strict.mode name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.new.git.file.globbing name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: key: applicationsetcontroller.repo.server.plaintext name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS valueFrom: configMapKeyRef: key: applicationsetcontroller.repo.server.strict.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS valueFrom: configMapKeyRef: key: applicationsetcontroller.repo.server.timeout.seconds name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS valueFrom: configMapKeyRef: key: applicationsetcontroller.concurrent.reconciliations.max name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES valueFrom: configMapKeyRef: key: applicationsetcontroller.namespaces name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH valueFrom: configMapKeyRef: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.allowed.scm.providers name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.github.api.metrics name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: applicationsetcontroller.webhook.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER valueFrom: configMapKeyRef: key: applicationsetcontroller.requeue.after name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_MAX_RESOURCES_STATUS_COUNT valueFrom: configMapKeyRef: key: applicationsetcontroller.status.max.resources.count name: argocd-cmd-params-cm optional: true image: quay.io/argoproj/argocd:v3.3.5 imagePullPolicy: Always name: argocd-applicationset-controller ports: - containerPort: 7000 name: webhook protocol: TCP - containerPort: 8080 name: metrics protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - mountPath: /tmp name: tmp - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls - mountPath: /home/argocd/params name: argocd-cmd-params-cm dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: argocd-applicationset-controller serviceAccountName: argocd-applicationset-controller terminationGracePeriodSeconds: 30 volumes: - configMap: defaultMode: 420 name: argocd-ssh-known-hosts-cm name: ssh-known-hosts - configMap: defaultMode: 420 name: argocd-tls-certs-cm name: tls-certs - configMap: defaultMode: 420 name: argocd-gpg-keys-cm name: gpg-keys - emptyDir: {} name: gpg-keyring - emptyDir: {} name: tmp - name: argocd-repo-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls - configMap: defaultMode: 420 items: - key: applicationsetcontroller.profile.enabled path: profiler.enabled name: argocd-cmd-params-cm optional: true name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '1' labels: app.kubernetes.io/component: dex-server app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: argocd-dex-server strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: argocd-dex-server spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/part-of: argocd topologyKey: kubernetes.io/hostname weight: 5 containers: - command: - /shared/argocd-dex - rundex env: - name: ARGOCD_DEX_SERVER_LOGFORMAT valueFrom: configMapKeyRef: key: dexserver.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_DEX_SERVER_LOGLEVEL valueFrom: configMapKeyRef: key: dexserver.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_LOG_FORMAT_TIMESTAMP valueFrom: configMapKeyRef: key: log.format.timestamp name: argocd-cmd-params-cm optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true image: ghcr.io/dexidp/dex:v2.43.0 imagePullPolicy: Always name: dex ports: - containerPort: 5556 protocol: TCP - containerPort: 5557 protocol: TCP - containerPort: 5558 protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /shared name: static-files - mountPath: /tmp name: dexconfig - mountPath: /tls name: argocd-dex-server-tls dnsPolicy: ClusterFirst initContainers: - command: - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex image: quay.io/argoproj/argocd:v3.3.5 imagePullPolicy: Always name: copyutil resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /shared name: static-files - mountPath: /tmp name: dexconfig nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: argocd-dex-server serviceAccountName: argocd-dex-server terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: static-files - emptyDir: {} name: dexconfig - name: argocd-dex-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-dex-server-tls --- apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '1' labels: app.kubernetes.io/component: notifications-controller app.kubernetes.io/name: argocd-notifications-controller app.kubernetes.io/part-of: argocd name: argocd-notifications-controller namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: argocd-notifications-controller strategy: type: Recreate template: metadata: labels: app.kubernetes.io/name: argocd-notifications-controller spec: containers: - args: - /usr/local/bin/argocd-notifications env: - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT valueFrom: configMapKeyRef: key: notificationscontroller.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL valueFrom: configMapKeyRef: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_LOG_FORMAT_TIMESTAMP valueFrom: configMapKeyRef: key: log.format.timestamp name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: key: application.namespaces name: argocd-cmd-params-cm optional: true - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED valueFrom: configMapKeyRef: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: key: notificationscontroller.repo.server.plaintext name: argocd-cmd-params-cm optional: true image: quay.io/argoproj/argocd:v3.3.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 9001 timeoutSeconds: 1 name: argocd-notifications-controller resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls workingDir: /app dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccount: argocd-notifications-controller serviceAccountName: argocd-notifications-controller terminationGracePeriodSeconds: 30 volumes: - configMap: defaultMode: 420 name: argocd-tls-certs-cm name: tls-certs - name: argocd-repo-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls --- apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '1' labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis app.kubernetes.io/part-of: argocd name: argocd-redis namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: argocd-redis strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: argocd-redis spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-redis topologyKey: kubernetes.io/hostname weight: 100 - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/part-of: argocd topologyKey: kubernetes.io/hostname weight: 5 containers: - args: - --save - '' - --appendonly - 'no' - --requirepass $(REDIS_PASSWORD) env: - name: REDIS_PASSWORD valueFrom: secretKeyRef: key: auth name: argocd-redis image: public.ecr.aws/docker/library/redis:8.2.3-alpine imagePullPolicy: Always name: redis ports: - containerPort: 6379 protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst initContainers: - command: - argocd - admin - redis-initial-password image: quay.io/argoproj/argocd:v3.3.5 imagePullPolicy: IfNotPresent name: secret-init resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true runAsUser: 999 seccompProfile: type: RuntimeDefault serviceAccount: argocd-redis serviceAccountName: argocd-redis terminationGracePeriodSeconds: 30 --- apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '1' labels: app.kubernetes.io/component: repo-server app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd name: argocd-repo-server namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: argocd-repo-server strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: argocd-repo-server spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server topologyKey: kubernetes.io/hostname weight: 100 - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/part-of: argocd topologyKey: kubernetes.io/hostname weight: 5 automountServiceAccountToken: false containers: - args: - /usr/local/bin/argocd-repo-server env: - name: REDIS_PASSWORD valueFrom: secretKeyRef: key: auth name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: key: timeout.reconciliation name: argocd-cm optional: true - name: ARGOCD_REPO_SERVER_LOGFORMAT valueFrom: configMapKeyRef: key: reposerver.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LOGLEVEL valueFrom: configMapKeyRef: key: reposerver.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_LOG_FORMAT_TIMESTAMP valueFrom: configMapKeyRef: key: log.format.timestamp name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS valueFrom: configMapKeyRef: key: reposerver.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS valueFrom: configMapKeyRef: key: reposerver.metrics.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: reposerver.disable.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MIN_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.minversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MAX_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.maxversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_CIPHERS valueFrom: configMapKeyRef: key: reposerver.tls.ciphers name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.repo.cache.expiration name: argocd-cmd-params-cm optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: key: redis.server name: argocd-cmd-params-cm optional: true - name: REDIS_COMPRESSION valueFrom: configMapKeyRef: key: redis.compression name: argocd-cmd-params-cm optional: true - name: REDISDB valueFrom: configMapKeyRef: key: redis.db name: argocd-cmd-params-cm optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.default.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: key: otlp.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_INSECURE valueFrom: configMapKeyRef: key: otlp.insecure name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_HEADERS valueFrom: configMapKeyRef: key: otlp.headers name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_ATTRS valueFrom: configMapKeyRef: key: otlp.attrs name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: key: reposerver.max.combined.directory.manifests.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS valueFrom: configMapKeyRef: key: reposerver.plugin.tar.exclusions name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS valueFrom: configMapKeyRef: key: reposerver.plugin.use.manifest.generate.paths name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: key: reposerver.allow.oob.symlinks name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.tar.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.disable.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.oci.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.disable.oci.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES valueFrom: configMapKeyRef: key: reposerver.oci.layer.media.types name: argocd-cmd-params-cm optional: true - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT valueFrom: configMapKeyRef: key: reposerver.revision.cache.lock.timeout name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.git.lsremote.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_REQUEST_TIMEOUT valueFrom: configMapKeyRef: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_ENABLE_BUILTIN_GIT_CONFIG valueFrom: configMapKeyRef: key: reposerver.enable.builtin.git.config name: argocd-cmd-params-cm optional: true - name: ARGOCD_GRPC_MAX_SIZE_MB valueFrom: configMapKeyRef: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES valueFrom: configMapKeyRef: key: reposerver.include.hidden.directories name: argocd-cmd-params-cm optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir image: quay.io/argoproj/argocd:v3.3.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 httpGet: path: /healthz?full=true port: 8084 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 5 name: argocd-repo-server ports: - containerPort: 8081 protocol: TCP - containerPort: 8084 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 8084 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls - mountPath: /tmp name: tmp - mountPath: /helm-working-dir name: helm-working-dir - mountPath: /home/argocd/cmp-server/plugins name: plugins dnsPolicy: ClusterFirst initContainers: - args: - /bin/cp --update=none /usr/local/bin/argocd /var/run/argocd/argocd && /bin/ln -s /var/run/argocd/argocd /var/run/argocd/argocd-cmp-server command: - sh - -c image: quay.io/argoproj/argocd:v3.3.5 imagePullPolicy: IfNotPresent name: copyutil resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/argocd name: var-files nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: argocd-repo-server serviceAccountName: argocd-repo-server terminationGracePeriodSeconds: 30 volumes: - configMap: defaultMode: 420 name: argocd-ssh-known-hosts-cm name: ssh-known-hosts - configMap: defaultMode: 420 name: argocd-tls-certs-cm name: tls-certs - configMap: defaultMode: 420 name: argocd-gpg-keys-cm name: gpg-keys - emptyDir: {} name: gpg-keyring - emptyDir: {} name: tmp - emptyDir: {} name: helm-working-dir - name: argocd-repo-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls - emptyDir: {} name: var-files - emptyDir: {} name: plugins --- apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '4' labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: argocd-server strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: kubectl.kubernetes.io/restartedAt: '2026-03-26T16:40:48Z' labels: app.kubernetes.io/name: argocd-server spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-server topologyKey: kubernetes.io/hostname weight: 100 - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/part-of: argocd topologyKey: kubernetes.io/hostname weight: 5 containers: - args: - /usr/local/bin/argocd-server env: - name: REDIS_PASSWORD valueFrom: secretKeyRef: key: auth name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: key: server.insecure name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_BASEHREF valueFrom: configMapKeyRef: key: server.basehref name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_ROOTPATH valueFrom: configMapKeyRef: key: server.rootpath name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_LOGFORMAT valueFrom: configMapKeyRef: key: server.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_LOG_LEVEL valueFrom: configMapKeyRef: key: server.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER valueFrom: configMapKeyRef: key: repo.server name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_DEX_SERVER valueFrom: configMapKeyRef: key: server.dex.server name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_DISABLE_AUTH valueFrom: configMapKeyRef: key: server.disable.auth name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_ENABLE_GZIP valueFrom: configMapKeyRef: key: server.enable.gzip name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS valueFrom: configMapKeyRef: key: server.repo.server.timeout.seconds name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_X_FRAME_OPTIONS valueFrom: configMapKeyRef: key: server.x.frame.options name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY valueFrom: configMapKeyRef: key: server.content.security.policy name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: key: server.repo.server.plaintext name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS valueFrom: configMapKeyRef: key: server.repo.server.strict.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT valueFrom: configMapKeyRef: key: server.dex.server.plaintext name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS valueFrom: configMapKeyRef: key: server.dex.server.strict.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MIN_VERSION valueFrom: configMapKeyRef: key: server.tls.minversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MAX_VERSION valueFrom: configMapKeyRef: key: server.tls.maxversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_CIPHERS valueFrom: configMapKeyRef: key: server.tls.ciphers name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.connection.status.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.oidc.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_STATIC_ASSETS valueFrom: configMapKeyRef: key: server.staticassets name: argocd-cmd-params-cm optional: true - name: ARGOCD_APP_STATE_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.app.state.cache.expiration name: argocd-cmd-params-cm optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: key: redis.server name: argocd-cmd-params-cm optional: true - name: REDIS_COMPRESSION valueFrom: configMapKeyRef: key: redis.compression name: argocd-cmd-params-cm optional: true - name: REDISDB valueFrom: configMapKeyRef: key: redis.db name: argocd-cmd-params-cm optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.default.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_MAX_COOKIE_NUMBER valueFrom: configMapKeyRef: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_LISTEN_ADDRESS valueFrom: configMapKeyRef: key: server.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS valueFrom: configMapKeyRef: key: server.metrics.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: key: otlp.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_OTLP_INSECURE valueFrom: configMapKeyRef: key: otlp.insecure name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_OTLP_HEADERS valueFrom: configMapKeyRef: key: otlp.headers name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_OTLP_ATTRS valueFrom: configMapKeyRef: key: otlp.attrs name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: key: application.namespaces name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION valueFrom: configMapKeyRef: key: server.enable.proxy.extension name: argocd-cmd-params-cm optional: true - name: ARGOCD_K8SCLIENT_RETRY_MAX valueFrom: configMapKeyRef: key: server.k8sclient.retry.max name: argocd-cmd-params-cm optional: true - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF valueFrom: configMapKeyRef: key: server.k8sclient.retry.base.backoff name: argocd-cmd-params-cm optional: true - name: ARGOCD_API_CONTENT_TYPES valueFrom: configMapKeyRef: key: server.api.content.types name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: server.webhook.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.new.git.file.globbing name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH valueFrom: configMapKeyRef: key: applicationsetcontroller.scm.root.ca.path name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.allowed.scm.providers name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS valueFrom: configMapKeyRef: key: applicationsetcontroller.enable.github.api.metrics name: argocd-cmd-params-cm optional: true - name: ARGOCD_HYDRATOR_ENABLED valueFrom: configMapKeyRef: key: hydrator.enabled name: argocd-cmd-params-cm optional: true - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED valueFrom: configMapKeyRef: key: server.sync.replace.allowed name: argocd-cmd-params-cm optional: true image: quay.io/argoproj/argocd:v3.3.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 httpGet: path: /healthz?full=true port: 8080 scheme: HTTP initialDelaySeconds: 3 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 5 name: argocd-server ports: - containerPort: 8080 protocol: TCP - containerPort: 8083 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 8080 scheme: HTTP initialDelaySeconds: 3 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/server/tls name: argocd-repo-server-tls - mountPath: /app/config/dex/tls name: argocd-dex-server-tls - mountPath: /home/argocd name: plugins-home - mountPath: /tmp name: tmp - mountPath: /home/argocd/params name: argocd-cmd-params-cm dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: argocd-server serviceAccountName: argocd-server terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: plugins-home - emptyDir: {} name: tmp - configMap: defaultMode: 420 name: argocd-ssh-known-hosts-cm name: ssh-known-hosts - configMap: defaultMode: 420 name: argocd-tls-certs-cm name: tls-certs - name: argocd-repo-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls - name: argocd-dex-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: ca.crt path: ca.crt optional: true secretName: argocd-dex-server-tls - configMap: defaultMode: 420 items: - key: server.profile.enabled path: profiler.enabled name: argocd-cmd-params-cm optional: true name: argocd-cmd-params-cm