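# Argo CD workloads for the `devops` namespace (part 1): applicationset controller,
# a disabled Dex deployment, notifications controller and repo-server.
#
# Structure was restored from a whitespace-collapsed listing. In the collapsed form
# every `#` comment swallowed the rest of its physical line, so the manifest did not
# parse as intended. Nesting of ambiguous keys follows the alphabetical key order the
# listing uses - NOTE(review): confirm against the original file.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: argocd-applicationset-controller
    app.kubernetes.io/part-of: argocd-applicationset
  annotations:
    # Stakater Reloader restarts the pods when a referenced ConfigMap/Secret changes.
    reloader.stakater.com/auto: "true"
  name: argocd-applicationset-controller
  namespace: devops
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-applicationset-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
        # NOTE(review): this container sets no securityContext, unlike argocd-repo-server
        # further down in this file (allowPrivilegeEscalation: false, capabilities dropped,
        # readOnlyRootFilesystem, runAsNonRoot). Confirm whether the image can run with the
        # same restrictions before adding them.
        - command:
            - entrypoint.sh
            - applicationset-controller
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # NOTE(review): the image is pulled from a registry namespace other than the
          # upstream one kept in the trailing comment (presumably a custom build - confirm
          # its provenance). The tag is mutable and imagePullPolicy is Always, so a re-pushed
          # tag is picked up on the next pod start; pin by digest (image@sha256:<digest>)
          # once the build has been verified.
          image: ghcr.io/jr64/argocd-applicationset:v0.4.0  # quay.io/argoproj/argocd-applicationset:v0.4.1
          imagePullPolicy: Always
          name: argocd-applicationset-controller
          ports:
            - containerPort: 7000
              name: webhook
          volumeMounts:
            - mountPath: /app/config/ssh
              name: ssh-known-hosts
            - mountPath: /app/config/tls
              name: tls-certs
            - mountPath: /app/config/gpg/source
              name: gpg-keys
            - mountPath: /app/config/gpg/keys
              name: gpg-keyring
      serviceAccountName: argocd-applicationset-controller
      volumes:
        - configMap:
            name: argocd-ssh-known-hosts-cm
          name: ssh-known-hosts
        - configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        - configMap:
            name: argocd-gpg-keys-cm
          name: gpg-keys
        - emptyDir: {}
          name: gpg-keyring
---
# Dex (SSO) deployment, kept commented out: this document is empty when parsed.
# apiVersion: apps/v1
# kind: Deployment
# metadata:
#   labels:
#     app.kubernetes.io/component: dex-server
#     app.kubernetes.io/name: argocd-dex-server
#     app.kubernetes.io/part-of: argocd
#   name: argocd-dex-server
#   namespace: devops
# spec:
#   selector:
#     matchLabels:
#       app.kubernetes.io/name: argocd-dex-server
#   template:
#     metadata:
#       labels:
#         app.kubernetes.io/name: argocd-dex-server
#     spec:
#       affinity:
#         podAntiAffinity:
#           preferredDuringSchedulingIgnoredDuringExecution:
#             - podAffinityTerm:
#                 labelSelector:
#                   matchLabels:
#                     app.kubernetes.io/part-of: argocd
#                 topologyKey: kubernetes.io/hostname
#               weight: 5
#       containers:
#         - command:
#             - /shared/argocd-dex
#             - rundex
#           image: ghcr.io/dexidp/dex:v2.30.2
#           imagePullPolicy: Always
#           name: dex
#           ports:
#             - containerPort: 5556
#             - containerPort: 5557
#             - containerPort: 5558
#           securityContext:
#             allowPrivilegeEscalation: false
#             readOnlyRootFilesystem: true
#             runAsNonRoot: true
#           volumeMounts:
#             - mountPath: /shared
#               name: static-files
#             - mountPath: /tmp
#               name: dexconfig
#       initContainers:
#         - command:
#             - cp
#             - -n
#             - /usr/local/bin/argocd
#             - /shared/argocd-dex
#           image: quay.io/argoproj/argocd:v2.3.4
#           imagePullPolicy: Always
#           name: copyutil
#           volumeMounts:
#             - mountPath: /shared
#               name: static-files
#             - mountPath: /tmp
#               name: dexconfig
#       serviceAccountName: argocd-dex-server
#       volumes:
#         - emptyDir: {}
#           name: static-files
#         - emptyDir: {}
#           name: dexconfig
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-notifications-controller
  namespace: devops
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-notifications-controller
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-notifications-controller
    spec:
      containers:
        # NOTE(review): only the pod-level runAsNonRoot below applies to this container;
        # there is no allowPrivilegeEscalation / capabilities / readOnlyRootFilesystem
        # setting here.
        - command:
            - argocd-notifications
          # Mutable tag with imagePullPolicy Always; pin by digest to make rollouts reproducible.
          image: quay.io/argoproj/argocd:v2.3.4
          imagePullPolicy: Always
          livenessProbe:
            tcpSocket:
              port: 9001
          name: argocd-notifications-controller
          volumeMounts:
            - mountPath: /app/config/tls
              name: tls-certs
            - mountPath: /app/config/reposerver/tls
              name: argocd-repo-server-tls
          workingDir: /app
      # Pod-level security context (placement inferred from key order - confirm).
      securityContext:
        runAsNonRoot: true
      serviceAccountName: argocd-notifications-controller
      volumes:
        - configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        # The secret is optional, so the pod starts even when it is absent.
        # NOTE(review): all three keys, including tls.key, are projected into this pod;
        # confirm the private key is needed here and not only ca.crt / tls.crt.
        - name: argocd-repo-server-tls
          secret:
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
              - key: ca.crt
                path: ca.crt
            optional: true
            secretName: argocd-repo-server-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/part-of: argocd
  name: argocd-repo-server
  namespace: devops
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-repo-server
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: argocd-repo-server
                topologyKey: kubernetes.io/hostname
              weight: 100
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/part-of: argocd
                topologyKey: kubernetes.io/hostname
              weight: 5
      # No service-account token is mounted into this pod.
      automountServiceAccountToken: false
      containers:
        - command:
            - entrypoint.sh
            - argocd-repo-server
            # Redis address is fixed on the command line; REDIS_SERVER below is also read
            # from argocd-cmd-params-cm. NOTE(review): no Redis credentials or TLS settings
            # are visible in this manifest - confirm how access to redis.storage is restricted.
            - --redis
            - redis.storage:6379
          env:
            - name: ARGOCD_RECONCILIATION_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  key: timeout.reconciliation
                  name: argocd-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LOGFORMAT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.log.format
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  key: reposerver.log.level
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.parallelism.limit
                  name: argocd-cmd-params-cm
                  optional: true
            # TLS can be switched off from the ConfigMap; write access to
            # argocd-cmd-params-cm is therefore security-relevant.
            - name: ARGOCD_REPO_SERVER_DISABLE_TLS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.disable.tls
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MIN_VERSION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.minversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MAX_VERSION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.maxversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_CIPHERS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.ciphers
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.repo.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_SERVER
              valueFrom:
                configMapKeyRef:
                  key: redis.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDISDB
              valueFrom:
                configMapKeyRef:
                  key: redis.db
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.default.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            # Helm state goes to a dedicated emptyDir because the root filesystem is read-only.
            - name: HELM_CACHE_HOME
              value: /helm-working-dir
            - name: HELM_CONFIG_HOME
              value: /helm-working-dir
            - name: HELM_DATA_HOME
              value: /helm-working-dir
          # Mutable tag with imagePullPolicy Always; pin by digest to make rollouts reproducible.
          image: quay.io/argoproj/argocd:v2.3.4
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz?full=true
              port: 8084
            initialDelaySeconds: 30
            periodSeconds: 5
          name: argocd-repo-server
          ports:
            - containerPort: 8081
            - containerPort: 8084
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8084
            initialDelaySeconds: 5
            periodSeconds: 10
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              # NOTE(review): the Pod Security Standards "restricted" profile checks for the
              # capability name ALL; confirm lowercase `all` is accepted by the admission
              # policy and container runtime in use.
              drop:
                - all
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          volumeMounts:
            - mountPath: /app/config/ssh
              name: ssh-known-hosts
            - mountPath: /app/config/tls
              name: tls-certs
            - mountPath: /app/config/gpg/source
              name: gpg-keys
            - mountPath: /app/config/gpg/keys
              name: gpg-keyring
            - mountPath: /app/config/reposerver/tls
              name: argocd-repo-server-tls
            - mountPath: /tmp
              name: tmp
            - mountPath: /helm-working-dir
              name: helm-working-dir
            - mountPath: /home/argocd/cmp-server/plugins
              name: plugins
      initContainers:
        # Copies the argocd binary into the var-files emptyDir (-n: do not overwrite).
        # NOTE(review): no securityContext and no imagePullPolicy are set on this container.
        - command:
            - cp
            - -n
            - /usr/local/bin/argocd
            - /var/run/argocd/argocd-cmp-server
          image: quay.io/argoproj/argocd:v2.3.4
          name: copyutil
          volumeMounts:
            - mountPath: /var/run/argocd
              name: var-files
      volumes:
        - configMap:
            name: argocd-ssh-known-hosts-cm
          name: ssh-known-hosts
        - configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        - configMap:
            name: argocd-gpg-keys-cm
          name: gpg-keys
        - emptyDir: {}
          name: gpg-keyring
        - emptyDir: {}
          name: tmp
        - emptyDir: {}
          name: helm-working-dir
        - name: argocd-repo-server-tls
          secret:
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
              - key: ca.crt
                path: ca.crt
            optional: true
            secretName: argocd-repo-server-tls
        # var-files is mounted only by the copyutil init container in this manifest.
        - emptyDir: {}
          name: var-files
        - emptyDir: {}
          name: plugins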
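---
# Argo CD workloads for the `devops` namespace (part 2): API/UI server, application
# controller StatefulSet and the ClusterIP Services.
#
# Structure was restored from a whitespace-collapsed listing; nesting of ambiguous keys
# follows the alphabetical key order the listing uses - NOTE(review): confirm against
# the original file.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  namespace: devops
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-server
    spec:
      containers:
        - command:
            - argocd-server
            # --insecure makes the server listen without TLS. TLS is presumably terminated
            # in front of it (confirm); traffic between that proxy and this pod, including
            # session tokens, then crosses the cluster network in plaintext.
            - --insecure
            # - --auth-mode sso
          env:
            - name: ARGOCD_SERVER_INSECURE
              valueFrom:
                configMapKeyRef:
                  key: server.insecure
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_BASEHREF
              valueFrom:
                configMapKeyRef:
                  key: server.basehref
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_ROOTPATH
              valueFrom:
                configMapKeyRef:
                  key: server.rootpath
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_LOGFORMAT
              valueFrom:
                configMapKeyRef:
                  key: server.log.format
                  name: argocd-cmd-params-cm
                  optional: true
            # NOTE(review): the variable is named after the repo server but is fed from
            # server.log.level; confirm which variable argocd-server reads, otherwise the
            # configured log level (and the audit detail it controls) may not take effect.
            - name: ARGOCD_REPO_SERVER_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  key: server.log.level
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_REPO_SERVER
              valueFrom:
                configMapKeyRef:
                  key: repo.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_DEX_SERVER
              valueFrom:
                configMapKeyRef:
                  key: server.dex.server
                  name: argocd-cmd-params-cm
                  optional: true
            # Authentication can be disabled through this ConfigMap key, so write access
            # to argocd-cmd-params-cm should be as tightly restricted as admin access.
            - name: ARGOCD_SERVER_DISABLE_AUTH
              valueFrom:
                configMapKeyRef:
                  key: server.disable.auth
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_ENABLE_GZIP
              valueFrom:
                configMapKeyRef:
                  key: server.enable.gzip
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
              valueFrom:
                configMapKeyRef:
                  key: server.repo.server.timeout.seconds
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_X_FRAME_OPTIONS
              valueFrom:
                configMapKeyRef:
                  key: server.x.frame.options
                  name: argocd-cmd-params-cm
                  optional: true
            # The next two keys control plaintext / strict-TLS for the link to the repo server.
            - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
              valueFrom:
                configMapKeyRef:
                  key: server.repo.server.plaintext
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
              valueFrom:
                configMapKeyRef:
                  key: server.repo.server.strict.tls
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MIN_VERSION
              valueFrom:
                configMapKeyRef:
                  key: server.tls.minversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MAX_VERSION
              valueFrom:
                configMapKeyRef:
                  key: server.tls.maxversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_CIPHERS
              valueFrom:
                configMapKeyRef:
                  key: server.tls.ciphers
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: server.connection.status.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: server.oidc.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: server.login.attempts.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_SERVER_STATIC_ASSETS
              valueFrom:
                configMapKeyRef:
                  key: server.staticassets
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: server.app.state.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_SERVER
              valueFrom:
                configMapKeyRef:
                  key: redis.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDISDB
              valueFrom:
                configMapKeyRef:
                  key: redis.db
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: server.default.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_MAX_COOKIE_NUMBER
              valueFrom:
                configMapKeyRef:
                  key: server.http.cookie.maxnumber
                  name: argocd-cmd-params-cm
                  optional: true
          # Mutable tag with imagePullPolicy Always; pin by digest to make rollouts reproducible.
          image: quay.io/argoproj/argocd:v2.3.4
          imagePullPolicy: Always
          livenessProbe:
            httpGet:
              path: /healthz?full=true
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 30
          name: argocd-server
          ports:
            - containerPort: 8080
            - containerPort: 8083
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              # NOTE(review): the Pod Security Standards "restricted" profile checks for the
              # capability name ALL; confirm lowercase `all` is accepted by the admission
              # policy and container runtime in use.
              drop:
                - all
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          volumeMounts:
            - mountPath: /app/config/ssh
              name: ssh-known-hosts
            - mountPath: /app/config/tls
              name: tls-certs
            - mountPath: /app/config/server/tls
              name: argocd-repo-server-tls
            - mountPath: /home/argocd
              name: plugins-home
            - mountPath: /tmp
              name: tmp
            # Adds one certificate from argocd-tls-certs-cm to the system trust directory.
            # subPath mounts are not refreshed when the ConfigMap changes, so a rotated
            # certificate only takes effect after the pod is restarted.
            - mountPath: /etc/ssl/certs/git.bhasher.com.pem
              name: tls-certs
              subPath: git.bhasher.com
      serviceAccountName: argocd-server
      volumes:
        - emptyDir: {}
          name: plugins-home
        - emptyDir: {}
          name: tmp
        # NOTE(review): static-files is declared but not mounted by any container here.
        - emptyDir: {}
          name: static-files
        - configMap:
            name: argocd-ssh-known-hosts-cm
          name: ssh-known-hosts
        - configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        - name: argocd-repo-server-tls
          secret:
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
              - key: ca.crt
                path: ca.crt
            optional: true
            secretName: argocd-repo-server-tls
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/name: argocd-application-controller
    app.kubernetes.io/part-of: argocd
  name: argocd-application-controller
  namespace: devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-application-controller
  serviceName: argocd-application-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-application-controller
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: argocd-application-controller
                topologyKey: kubernetes.io/hostname
              weight: 100
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/part-of: argocd
                topologyKey: kubernetes.io/hostname
              weight: 5
      containers:
        - command:
            - argocd-application-controller
          env:
            - name: ARGOCD_RECONCILIATION_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  key: timeout.reconciliation
                  name: argocd-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
              valueFrom:
                configMapKeyRef:
                  key: repo.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
              valueFrom:
                configMapKeyRef:
                  key: controller.repo.server.timeout.seconds
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
              valueFrom:
                configMapKeyRef:
                  key: controller.status.processors
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
              valueFrom:
                configMapKeyRef:
                  key: controller.operation.processors
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
              valueFrom:
                configMapKeyRef:
                  key: controller.log.format
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  key: controller.log.level
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: controller.metrics.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
              valueFrom:
                configMapKeyRef:
                  key: controller.self.heal.timeout.seconds
                  name: argocd-cmd-params-cm
                  optional: true
            # The next two keys control plaintext / strict-TLS for the link to the repo server.
            - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
              valueFrom:
                configMapKeyRef:
                  key: controller.repo.server.plaintext
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
              valueFrom:
                configMapKeyRef:
                  key: controller.repo.server.strict.tls
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: controller.app.state.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_SERVER
              valueFrom:
                configMapKeyRef:
                  key: redis.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDISDB
              valueFrom:
                configMapKeyRef:
                  key: redis.db
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: controller.default.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
          # Mutable tag with imagePullPolicy Always; pin by digest to make rollouts reproducible.
          image: quay.io/argoproj/argocd:v2.3.4
          imagePullPolicy: Always
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8082
            initialDelaySeconds: 5
            periodSeconds: 10
          name: argocd-application-controller
          ports:
            - containerPort: 8082
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8082
            initialDelaySeconds: 5
            periodSeconds: 10
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              # NOTE(review): see the note on `drop: all` in the argocd-server container;
              # the "restricted" Pod Security profile checks for ALL.
              drop:
                - all
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          volumeMounts:
            - mountPath: /app/config/controller/tls
              name: argocd-repo-server-tls
            - mountPath: /home/argocd
              name: argocd-home
          workingDir: /home/argocd
      serviceAccountName: argocd-application-controller
      volumes:
        - emptyDir: {}
          name: argocd-home
        - name: argocd-repo-server-tls
          secret:
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
              - key: ca.crt
                path: ca.crt
            optional: true
            secretName: argocd-repo-server-tls
---
# Webhook endpoint of the applicationset controller.
# NOTE(review): nothing in this file shows whether it is reachable from outside the
# cluster; if it is, confirm that webhook requests are authenticated.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: argocd-applicationset-controller
    app.kubernetes.io/part-of: argocd-applicationset
  name: argocd-applicationset-controller
  namespace: devops
spec:
  ports:
    - name: webhook
      port: 7000
      protocol: TCP
      targetPort: webhook
  selector:
    app.kubernetes.io/name: argocd-applicationset-controller
---
# Dex Service, kept commented out: this document is empty when parsed.
# apiVersion: v1
# kind: Service
# metadata:
#   labels:
#     app.kubernetes.io/component: dex-server
#     app.kubernetes.io/name: argocd-dex-server
#     app.kubernetes.io/part-of: argocd
#   name: argocd-dex-server
#   namespace: devops
# spec:
#   ports:
#     - name: http
#       port: 5556
#       protocol: TCP
#       targetPort: 5556
#     - name: grpc
#       port: 5557
#       protocol: TCP
#       targetPort: 5557
#     - name: metrics
#       port: 5558
#       protocol: TCP
#       targetPort: 5558
#   selector:
#     app.kubernetes.io/name: argocd-dex-server
---
# Metrics endpoints below are plain ClusterIP Services; no NetworkPolicy is defined in
# this file, so limiting who may scrape them has to happen elsewhere.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: metrics
    app.kubernetes.io/name: argocd-metrics
    app.kubernetes.io/part-of: argocd
  name: argocd-metrics
  namespace: devops
spec:
  ports:
    - name: metrics
      port: 8082
      protocol: TCP
      targetPort: 8082
  selector:
    app.kubernetes.io/name: argocd-application-controller
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: argocd-notifications-controller-metrics
  name: argocd-notifications-controller-metrics
  namespace: devops
spec:
  ports:
    - name: metrics
      port: 9001
      protocol: TCP
      targetPort: 9001
  selector:
    app.kubernetes.io/name: argocd-notifications-controller
---
# NOTE(review): this file defines no workload labelled argocd-redis, and the repo server
# is started with `--redis redis.storage:6379`; this Service may have no endpoints.
# Confirm whether it is still needed.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: redis
    app.kubernetes.io/name: argocd-redis
    app.kubernetes.io/part-of: argocd
  name: argocd-redis
  namespace: devops
spec:
  ports:
    - name: tcp-redis
      port: 6379
      targetPort: 6379
  selector:
    app.kubernetes.io/name: argocd-redis
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/part-of: argocd
  name: argocd-repo-server
  namespace: devops
spec:
  ports:
    - name: server
      port: 8081
      protocol: TCP
      targetPort: 8081
    - name: metrics
      port: 8084
      protocol: TCP
      targetPort: 8084
  selector:
    app.kubernetes.io/name: argocd-repo-server
---
# Both ports forward to container port 8080. Because argocd-server is started with
# --insecure, the port named https (443) carries plaintext HTTP as well.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  namespace: devops
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 8080
    - name: https
      port: 443
      protocol: TCP
      targetPort: 8080
  selector:
    app.kubernetes.io/name: argocd-server
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server-metrics
    app.kubernetes.io/part-of: argocd
  name: argocd-server-metrics
  namespace: devops
spec:
  ports:
    - name: metrics
      port: 8083
      protocol: TCP
      targetPort: 8083
  selector:
    app.kubernetes.io/name: argocd-server
---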
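# Public entry point for the Argo CD UI/API. TLS is terminated at the nginx ingress
# with a cert-manager certificate stored in the argocd-tls secret; the backend is the
# argocd-server Service on port 80, so the hop from the ingress controller to the pod
# is plaintext HTTP (argocd-server is started with --insecure in this file).
# NOTE(review): if that hop crosses nodes on an untrusted network, consider TLS to the
# backend or a NetworkPolicy that only admits the ingress controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd
  namespace: devops
  annotations:
    # Certificate is issued by this ClusterIssuer (presumably a private CA - confirm
    # that clients trust it).
    cert-manager.io/cluster-issuer: "bhasherca-k3s-issuer"
    cert-manager.io/common-name: "argocd.bhasher.com"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - argocd.bhasher.com
      secretName: argocd-tls
  rules:
    - host: argocd.bhasher.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 80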