You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

12413 lines
578 KiB

# This is an auto-generated file. DO NOT EDIT
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/name: applications.argoproj.io
app.kubernetes.io/part-of: argocd
name: applications.argoproj.io
spec:
group: argoproj.io
names:
kind: Application
listKind: ApplicationList
plural: applications
shortNames:
- app
- apps
singular: application
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.sync.status
name: Sync Status
type: string
- jsonPath: .status.health.status
name: Health Status
type: string
- jsonPath: .status.sync.revision
name: Revision
priority: 10
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Application is a definition of Application resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
operation:
description: Operation contains information about a requested or running
operation
properties:
info:
description: Info is a list of informational items for this operation
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
initiatedBy:
description: InitiatedBy contains information about who initiated
the operations
properties:
automated:
description: Automated is set to true if operation was initiated
automatically by the application controller.
type: boolean
username:
description: Username contains the name of a user who started
operation
type: string
type: object
retry:
description: Retry controls the strategy to apply if a sync fails
properties:
backoff:
description: Backoff controls how to backoff on subsequent retries
of failed syncs
properties:
duration:
description: Duration is the amount to back off. Default unit
is seconds, but could also be a duration (e.g. "2m", "1h")
type: string
factor:
description: Factor is a factor to multiply the base duration
after each failed retry
format: int64
type: integer
maxDuration:
description: MaxDuration is the maximum amount of time allowed
for the backoff strategy
type: string
type: object
limit:
description: Limit is the maximum number of attempts for retrying
a failed sync. If set to 0, no retries will be performed.
format: int64
type: integer
type: object
sync:
description: Sync contains parameters for the operation
properties:
dryRun:
description: DryRun specifies to perform a `kubectl apply --dry-run`
without actually performing the sync
type: boolean
manifests:
description: Manifests is an optional field that overrides sync
source with a local directory for development
items:
type: string
type: array
prune:
description: Prune specifies to delete resources from the cluster
that are no longer tracked in git
type: boolean
resources:
description: Resources describes which resources shall be part
of the sync
items:
description: SyncOperationResource contains resources to sync.
properties:
group:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
required:
- kind
- name
type: object
type: array
revision:
description: Revision is the revision (Git) or chart version (Helm)
which to sync the application to If omitted, will use the revision
specified in app spec.
type: string
source:
description: Source overrides the source definition set in the
application. This is typically set in a Rollback operation and
is nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name, and must be specified
for applications sourced from a Helm repo.
type: string
directory:
description: Directory holds path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match
paths against that should be explicitly excluded from
being used during manifest generation
type: string
include:
description: Include contains a glob pattern to match
paths against that should be explicitly included during
manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External
Variables
items:
description: JsonnetVar represents a variable to
be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level Arguments
items:
description: JsonnetVar represents a variable to
be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory
recursively for manifests
type: boolean
type: object
helm:
description: Helm holds helm specific options
properties:
fileParameters:
description: FileParameters are file parameters to the
helm template
items:
description: HelmFileParameter is a file parameter that's
passed to helm template during manifest generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing
the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm template
from failing when valueFiles do not exist locally by
not appending them to helm template --values
type: boolean
parameters:
description: Parameters is a list of Helm parameters which
are passed to the helm template command upon manifest
generation
items:
description: HelmParameter is a parameter that's passed
to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether to tell
Helm to interpret booleans and numbers as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all domains
(Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name to use.
If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed
to helm template, typically defined as a block
type: string
version:
description: Version is the Helm version to use for templating
("3")
type: string
type: object
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional labels
to add to rendered manifests
type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether
to force applying common annotations to resources for
Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force
applying common labels to resources for Kustomize apps
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
items:
description: KustomizeImage represents a Kustomize image
definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
namePrefix:
description: NamePrefix is a prefix appended to resources
for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
version:
description: Version controls which version of Kustomize
to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
type: string
plugin:
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
items:
description: EnvEntry represents an entry in the application's
environment
properties:
name:
description: Name is the name of the variable, usually
expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
description: RepoURL is the URL to the repository (Git or
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be
commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
type: object
syncOptions:
description: SyncOptions provide per-sync sync-options, e.g. Validate=false
items:
type: string
type: array
syncStrategy:
description: SyncStrategy describes how to perform the sync
properties:
apply:
description: Apply will perform a `kubectl apply` to perform
the sync.
properties:
force:
description: Force indicates whether or not to supply
the --force flag to `kubectl apply`. The --force flag
deletes and re-create the resource, when PATCH encounters
conflict and has retried for 5 times.
type: boolean
type: object
hook:
description: Hook will submit any referenced resources to
perform the sync. This is the default strategy
properties:
force:
description: Force indicates whether or not to supply
the --force flag to `kubectl apply`. The --force flag
deletes and re-create the resource, when PATCH encounters
conflict and has retried for 5 times.
type: boolean
type: object
type: object
type: object
type: object
spec:
description: ApplicationSpec represents desired application state. Contains
link to repository with application definition and additional parameters
link definition revision.
properties:
destination:
description: Destination is a reference to the target Kubernetes server
and namespace
properties:
name:
description: Name is an alternate way of specifying the target
cluster by its symbolic name
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster and
must be set to the Kubernetes control plane API
type: string
type: object
ignoreDifferences:
description: IgnoreDifferences is a list of resources and their fields
which should be ignored during comparison
items:
description: ResourceIgnoreDifferences contains resource filter
and list of json paths which should be ignored during comparison
with live state.
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
description: ManagedFieldsManagers is a list of trusted managers.
Fields mutated by those managers will take precedence over
the desired state defined in the SCM and won't be displayed
in diffs
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
description: Info contains a list of information (URLs, email addresses,
and plain text) that relates to the application
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
description: Project is a reference to the project this application
belongs to. The empty string means that application belongs to the
'default' project.
type: string
revisionHistoryLimit:
description: RevisionHistoryLimit limits the number of items kept
in the application's revision history, which is used for informational
purposes as well as for rollbacks to previous versions. This should
only be changed in exceptional circumstances. Setting to zero will
store no history. This will reduce storage used. Increasing will
increase the space used to store the history, so we do not recommend
increasing it. Default is 10.
format: int64
type: integer
source:
description: Source is a reference to the location of the application's
manifests or chart
properties:
chart:
description: Chart is a Helm chart name, and must be specified
for applications sourced from a Helm repo.
type: string
directory:
description: Directory holds path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match paths
against that should be explicitly excluded from being used
during manifest generation
type: string
include:
description: Include contains a glob pattern to match paths
against that should be explicitly included during manifest
generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External Variables
items:
description: JsonnetVar represents a variable to be
passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level Arguments
items:
description: JsonnetVar represents a variable to be
passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory
recursively for manifests
type: boolean
type: object
helm:
description: Helm holds helm specific options
properties:
fileParameters:
description: FileParameters are file parameters to the helm
template
items:
description: HelmFileParameter is a file parameter that's
passed to helm template during manifest generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing
the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm template
from failing when valueFiles do not exist locally by not
appending them to helm template --values
type: boolean
parameters:
description: Parameters is a list of Helm parameters which
are passed to the helm template command upon manifest generation
items:
description: HelmParameter is a parameter that's passed
to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether to tell
Helm to interpret booleans and numbers as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all domains
(Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name to use.
If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition installation
step (Helm's --skip-crds)
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files to
use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed to
helm template, typically defined as a block
type: string
version:
description: Version is the Helm version to use for templating
("3")
type: string
type: object
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional annotations
to add to rendered manifests
type: object
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional labels to
add to rendered manifests
type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force
applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force
applying common labels to resources for Kustomize apps
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
items:
description: KustomizeImage represents a Kustomize image
definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
namePrefix:
description: NamePrefix is a prefix appended to resources
for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
version:
description: Version controls which version of Kustomize to
use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
type: string
plugin:
description: Plugin holds config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
items:
description: EnvEntry represents an entry in the application's
environment
properties:
name:
description: Name is the name of the variable, usually
expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
description: RepoURL is the URL to the repository (Git or Helm)
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be commit,
tag, or branch. If omitted, will equal to HEAD. In case of Helm,
this is a semver tag for the Chart's version.
type: string
required:
- repoURL
type: object
syncPolicy:
description: SyncPolicy controls when and how a sync will be performed
properties:
automated:
description: Automated will keep an application synced to the
target revision
properties:
allowEmpty:
description: 'AllowEmpty allows apps have zero live resources
(default: false)'
type: boolean
prune:
description: 'Prune specifies whether to delete resources
from the cluster that are not found in the sources anymore
as part of automated sync (default: false)'
type: boolean
selfHeal:
description: 'SelfHeal specifes whether to revert resources
back to their desired state upon modification in the cluster
(default: false)'
type: boolean
type: object
retry:
description: Retry controls failed sync retry behavior
properties:
backoff:
description: Backoff controls how to backoff on subsequent
retries of failed syncs
properties:
duration:
description: Duration is the amount to back off. Default
unit is seconds, but could also be a duration (e.g.
"2m", "1h")
type: string
factor:
description: Factor is a factor to multiply the base duration
after each failed retry
format: int64
type: integer
maxDuration:
description: MaxDuration is the maximum amount of time
allowed for the backoff strategy
type: string
type: object
limit:
description: Limit is the maximum number of attempts for retrying
a failed sync. If set to 0, no retries will be performed.
format: int64
type: integer
type: object
syncOptions:
description: Options allow you to specify whole app sync-options
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
status:
description: ApplicationStatus contains status information for the application
properties:
conditions:
description: Conditions is a list of currently observed application
conditions
items:
description: ApplicationCondition contains details about an application
condition, which is usally an error or warning
properties:
lastTransitionTime:
description: LastTransitionTime is the time the condition was
last observed
format: date-time
type: string
message:
description: Message contains human-readable message indicating
details about condition
type: string
type:
description: Type is an application condition type
type: string
required:
- message
- type
type: object
type: array
health:
description: Health contains information about the application's current
health status
properties:
message:
description: Message is a human-readable informational message
describing the health status
type: string
status:
description: Status holds the status code of the application or
resource
type: string
type: object
history:
description: History contains information about the application's
sync history
items:
description: RevisionHistory contains history information about
a previous sync
properties:
deployStartedAt:
description: DeployStartedAt holds the time the sync operation
started
format: date-time
type: string
deployedAt:
description: DeployedAt holds the time the sync operation completed
format: date-time
type: string
id:
description: ID is an auto incrementing identifier of the RevisionHistory
format: int64
type: integer
revision:
description: Revision holds the revision the sync was performed
against
type: string
source:
description: Source is a reference to the application source
used for the sync operation
properties:
chart:
description: Chart is a Helm chart name, and must be specified
for applications sourced from a Helm repo.
type: string
directory:
description: Directory holds path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match
paths against that should be explicitly excluded from
being used during manifest generation
type: string
include:
description: Include contains a glob pattern to match
paths against that should be explicitly included during
manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External
Variables
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level
Arguments
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory
recursively for manifests
type: boolean
type: object
helm:
description: Helm holds helm specific options
properties:
fileParameters:
description: FileParameters are file parameters to the
helm template
items:
description: HelmFileParameter is a file parameter
that's passed to helm template during manifest generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing
the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm template
from failing when valueFiles do not exist locally
by not appending them to helm template --values
type: boolean
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
manifest generation
items:
description: HelmParameter is a parameter that's passed
to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether to
tell Helm to interpret booleans and numbers
as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all
domains (Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name to
use. If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed
to helm template, typically defined as a block
type: string
version:
description: Version is the Helm version to use for
templating ("3")
type: string
type: object
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional labels
to add to rendered manifests
type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether
to force applying common annotations to resources
for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to
force applying common labels to resources for Kustomize
apps
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
items:
description: KustomizeImage represents a Kustomize
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
namePrefix:
description: NamePrefix is a prefix appended to resources
for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
version:
description: Version controls which version of Kustomize
to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
type: string
plugin:
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
items:
description: EnvEntry represents an entry in the application's
environment
properties:
name:
description: Name is the name of the variable,
usually expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
description: RepoURL is the URL to the repository (Git or
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
type: string
required:
- repoURL
type: object
required:
- deployedAt
- id
- revision
type: object
type: array
observedAt:
description: 'ObservedAt indicates when the application state was
updated without querying latest git state Deprecated: controller
no longer updates ObservedAt field'
format: date-time
type: string
operationState:
description: OperationState contains information about any ongoing
operations, such as a sync
properties:
finishedAt:
description: FinishedAt contains time of operation completion
format: date-time
type: string
message:
description: Message holds any pertinent messages when attempting
to perform operation (typically errors).
type: string
operation:
description: Operation is the original requested operation
properties:
info:
description: Info is a list of informational items for this
operation
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
initiatedBy:
description: InitiatedBy contains information about who initiated
the operations
properties:
automated:
description: Automated is set to true if operation was
initiated automatically by the application controller.
type: boolean
username:
description: Username contains the name of a user who
started operation
type: string
type: object
retry:
description: Retry controls the strategy to apply if a sync
fails
properties:
backoff:
description: Backoff controls how to backoff on subsequent
retries of failed syncs
properties:
duration:
description: Duration is the amount to back off. Default
unit is seconds, but could also be a duration (e.g.
"2m", "1h")
type: string
factor:
description: Factor is a factor to multiply the base
duration after each failed retry
format: int64
type: integer
maxDuration:
description: MaxDuration is the maximum amount of
time allowed for the backoff strategy
type: string
type: object
limit:
description: Limit is the maximum number of attempts for
retrying a failed sync. If set to 0, no retries will
be performed.
format: int64
type: integer
type: object
sync:
description: Sync contains parameters for the operation
properties:
dryRun:
description: DryRun specifies to perform a `kubectl apply
--dry-run` without actually performing the sync
type: boolean
manifests:
description: Manifests is an optional field that overrides
sync source with a local directory for development
items:
type: string
type: array
prune:
description: Prune specifies to delete resources from
the cluster that are no longer tracked in git
type: boolean
resources:
description: Resources describes which resources shall
be part of the sync
items:
description: SyncOperationResource contains resources
to sync.
properties:
group:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
required:
- kind
- name
type: object
type: array
revision:
description: Revision is the revision (Git) or chart version
(Helm) which to sync the application to If omitted,
will use the revision specified in app spec.
type: string
source:
description: Source overrides the source definition set
in the application. This is typically set in a Rollback
operation and is nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name, and must
be specified for applications sourced from a Helm
repo.
type: string
directory:
description: Directory holds path/directory specific
options
properties:
exclude:
description: Exclude contains a glob pattern to
match paths against that should be explicitly
excluded from being used during manifest generation
type: string
include:
description: Include contains a glob pattern to
match paths against that should be explicitly
included during manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to
Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet
External Variables
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest
generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level
Arguments
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest
generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan
a directory recursively for manifests
type: boolean
type: object
helm:
description: Helm holds helm specific options
properties:
fileParameters:
description: FileParameters are file parameters
to the helm template
items:
description: HelmFileParameter is a file parameter
that's passed to helm template during manifest
generation
properties:
name:
description: Name is the name of the Helm
parameter
type: string
path:
description: Path is the path to the file
containing the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents
helm template from failing when valueFiles do
not exist locally by not appending them to helm
template --values
type: boolean
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command
upon manifest generation
items:
description: HelmParameter is a parameter that's
passed to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether
to tell Helm to interpret booleans and
numbers as strings
type: boolean
name:
description: Name is the name of the Helm
parameter
type: string
value:
description: Value is the value for the
Helm parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials
to all domains (Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name
to use. If omitted it will use the application
name
type: string
skipCrds:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value
files to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be
passed to helm template, typically defined as
a block
type: string
version:
description: Version is the Helm version to use
for templating ("3")
type: string
type: object
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional
labels to add to rendered manifests
type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies
whether to force applying common annotations
to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether
to force applying common labels to resources
for Kustomize apps
type: boolean
images:
description: Images is a list of Kustomize image
override specifications
items:
description: KustomizeImage represents a Kustomize
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
namePrefix:
description: NamePrefix is a prefix appended to
resources for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to
resources for Kustomize apps
type: string
version:
description: Version controls which version of
Kustomize to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git
repository, and is only valid for applications sourced
from Git.
type: string
plugin:
description: Plugin holds config management plugin
specific options
properties:
env:
description: Env is a list of environment variable
entries
items:
description: EnvEntry represents an entry in
the application's environment
properties:
name:
description: Name is the name of the variable,
usually expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
description: RepoURL is the URL to the repository
(Git or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to sync the application to. In case of
Git, this can be commit, tag, or branch. If omitted,
will equal to HEAD. In case of Helm, this is a semver
tag for the Chart's version.
type: string
required:
- repoURL
type: object
syncOptions:
description: SyncOptions provide per-sync sync-options,
e.g. Validate=false
items:
type: string
type: array
syncStrategy:
description: SyncStrategy describes how to perform the
sync
properties:
apply:
description: Apply will perform a `kubectl apply`
to perform the sync.
properties:
force:
description: Force indicates whether or not to
supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource,
when PATCH encounters conflict and has retried
for 5 times.
type: boolean
type: object
hook:
description: Hook will submit any referenced resources
to perform the sync. This is the default strategy
properties:
force:
description: Force indicates whether or not to
supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource,
when PATCH encounters conflict and has retried
for 5 times.
type: boolean
type: object
type: object
type: object
type: object
phase:
description: Phase is the current phase of the operation
type: string
retryCount:
description: RetryCount contains time of operation retries
format: int64
type: integer
startedAt:
description: StartedAt contains time of operation start
format: date-time
type: string
syncResult:
description: SyncResult is the result of a Sync operation
properties:
resources:
description: Resources contains a list of sync result items
for each individual resource in a sync operation
items:
description: ResourceResult holds the operation result details
of a specific resource
properties:
group:
description: Group specifies the API group of the resource
type: string
hookPhase:
description: HookPhase contains the state of any operation
associated with this resource OR hook This can also
contain values for non-hook resources.
type: string
hookType:
description: HookType specifies the type of the hook.
Empty for non-hook resources
type: string
kind:
description: Kind specifies the API kind of the resource
type: string
message:
description: Message contains an informational or error
message for the last sync OR operation
type: string
name:
description: Name specifies the name of the resource
type: string
namespace:
description: Namespace specifies the target namespace
of the resource
type: string
status:
description: Status holds the final result of the sync.
Will be empty if the resources is yet to be applied/pruned
and is always zero-value for hooks
type: string
syncPhase:
description: SyncPhase indicates the particular phase
of the sync that this result was acquired in
type: string
version:
description: Version specifies the API version of the
resource
type: string
required:
- group
- kind
- name
- namespace
- version
type: object
type: array
revision:
description: Revision holds the revision this sync operation
was performed to
type: string
source:
description: Source records the application source information
of the sync, used for comparing auto-sync
properties:
chart:
description: Chart is a Helm chart name, and must be specified
for applications sourced from a Helm repo.
type: string
directory:
description: Directory holds path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match
paths against that should be explicitly excluded
from being used during manifest generation
type: string
include:
description: Include contains a glob pattern to match
paths against that should be explicitly included
during manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External
Variables
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level
Arguments
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory
recursively for manifests
type: boolean
type: object
helm:
description: Helm holds helm specific options
properties:
fileParameters:
description: FileParameters are file parameters to
the helm template
items:
description: HelmFileParameter is a file parameter
that's passed to helm template during manifest
generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing
the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm
template from failing when valueFiles do not exist
locally by not appending them to helm template --values
type: boolean
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
manifest generation
items:
description: HelmParameter is a parameter that's
passed to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether
to tell Helm to interpret booleans and numbers
as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm
parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all
domains (Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name
to use. If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed
to helm template, typically defined as a block
type: string
version:
description: Version is the Helm version to use for
templating ("3")
type: string
type: object
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional
labels to add to rendered manifests
type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether
to force applying common annotations to resources
for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to
force applying common labels to resources for Kustomize
apps
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
items:
description: KustomizeImage represents a Kustomize
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
namePrefix:
description: NamePrefix is a prefix appended to resources
for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
version:
description: Version controls which version of Kustomize
to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
type: string
plugin:
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
entries
items:
description: EnvEntry represents an entry in the
application's environment
properties:
name:
description: Name is the name of the variable,
usually expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
description: RepoURL is the URL to the repository (Git
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
type: string
required:
- repoURL
type: object
required:
- revision
type: object
required:
- operation
- phase
- startedAt
type: object
reconciledAt:
description: ReconciledAt indicates when the application state was
reconciled using the latest git version
format: date-time
type: string
resourceHealthSource:
description: 'ResourceHealthSource indicates where the resource health
status is stored: inline if not set or appTree'
type: string
resources:
description: Resources is a list of Kubernetes resources managed by
this application
items:
description: 'ResourceStatus holds the current sync and health status
of a resource TODO: describe members of this type'
properties:
group:
type: string
health:
description: HealthStatus contains information about the currently
observed health state of an application or resource
properties:
message:
description: Message is a human-readable informational message
describing the health status
type: string
status:
description: Status holds the status code of the application
or resource
type: string
type: object
hook:
type: boolean
kind:
type: string
name:
type: string
namespace:
type: string
requiresPruning:
type: boolean
status:
description: SyncStatusCode is a type which represents possible
comparison results
type: string
syncWave:
format: int64
type: integer
version:
type: string
type: object
type: array
sourceType:
description: SourceType specifies the type of this application
type: string
summary:
description: Summary contains a list of URLs and container images
used by this application
properties:
externalURLs:
description: ExternalURLs holds all external URLs of application
child resources.
items:
type: string
type: array
images:
description: Images holds all images of application child resources.
items:
type: string
type: array
type: object
sync:
description: Sync contains information about the application's current
sync status
properties:
comparedTo:
description: ComparedTo contains information about what has been
compared
properties:
destination:
description: Destination is a reference to the application's
destination used for comparison
properties:
name:
description: Name is an alternate way of specifying the
target cluster by its symbolic name
type: string
namespace:
description: Namespace specifies the target namespace
for the application's resources. The namespace will
only be set for namespace-scoped resources that have
not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster
and must be set to the Kubernetes control plane API
type: string
type: object
source:
description: Source is a reference to the application's source
used for comparison
properties:
chart:
description: Chart is a Helm chart name, and must be specified
for applications sourced from a Helm repo.
type: string
directory:
description: Directory holds path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match
paths against that should be explicitly excluded
from being used during manifest generation
type: string
include:
description: Include contains a glob pattern to match
paths against that should be explicitly included
during manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External
Variables
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level
Arguments
items:
description: JsonnetVar represents a variable
to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory
recursively for manifests
type: boolean
type: object
helm:
description: Helm holds helm specific options
properties:
fileParameters:
description: FileParameters are file parameters to
the helm template
items:
description: HelmFileParameter is a file parameter
that's passed to helm template during manifest
generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing
the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm
template from failing when valueFiles do not exist
locally by not appending them to helm template --values
type: boolean
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
manifest generation
items:
description: HelmParameter is a parameter that's
passed to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether
to tell Helm to interpret booleans and numbers
as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm
parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all
domains (Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name
to use. If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed
to helm template, typically defined as a block
type: string
version:
description: Version is the Helm version to use for
templating ("3")
type: string
type: object
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional
labels to add to rendered manifests
type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether
to force applying common annotations to resources
for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to
force applying common labels to resources for Kustomize
apps
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
items:
description: KustomizeImage represents a Kustomize
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
namePrefix:
description: NamePrefix is a prefix appended to resources
for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
version:
description: Version controls which version of Kustomize
to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
type: string
plugin:
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
entries
items:
description: EnvEntry represents an entry in the
application's environment
properties:
name:
description: Name is the name of the variable,
usually expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
description: RepoURL is the URL to the repository (Git
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
type: string
required:
- repoURL
type: object
required:
- destination
- source
type: object
revision:
description: Revision contains information about the revision
the comparison has been performed to
type: string
status:
description: Status is the sync state of the comparison
type: string
required:
- status
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/name: applicationsets.argoproj.io
app.kubernetes.io/part-of: argocd
name: applicationsets.argoproj.io
spec:
group: argoproj.io
names:
kind: ApplicationSet
listKind: ApplicationSetList
plural: applicationsets
shortNames:
- appset
- appsets
singular: applicationset
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
generators:
items:
properties:
clusterDecisionResource:
properties:
configMapRef:
type: string
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
name:
type: string
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
values:
additionalProperties:
type: string
type: object
required:
- configMapRef
type: object
clusters:
properties:
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
values:
additionalProperties:
type: string
type: object
type: object
git:
properties:
directories:
items:
properties:
exclude:
type: boolean
path:
type: string
required:
- path
type: object
type: array
files:
items:
properties:
path:
type: string
required:
- path
type: object
type: array
repoURL:
type: string
requeueAfterSeconds:
format: int64
type: integer
revision:
type: string
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- repoURL
- revision
type: object
list:
properties:
elements:
items:
x-kubernetes-preserve-unknown-fields: true
type: array
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- elements
type: object
matrix:
properties:
generators:
items:
properties:
clusterDecisionResource:
properties:
configMapRef:
type: string
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
name:
type: string
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
values:
additionalProperties:
type: string
type: object
required:
- configMapRef
type: object
clusters:
properties:
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
values:
additionalProperties:
type: string
type: object
type: object
git:
properties:
directories:
items:
properties:
exclude:
type: boolean
path:
type: string
required:
- path
type: object
type: array
files:
items:
properties:
path:
type: string
required:
- path
type: object
type: array
repoURL:
type: string
requeueAfterSeconds:
format: int64
type: integer
revision:
type: string
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- repoURL
- revision
type: object
list:
properties:
elements:
items:
x-kubernetes-preserve-unknown-fields: true
type: array
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- elements
type: object
matrix:
x-kubernetes-preserve-unknown-fields: true
merge:
x-kubernetes-preserve-unknown-fields: true
pullRequest:
properties:
bitbucketServer:
properties:
api:
type: string
basicAuth:
properties:
passwordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
username:
type: string
required:
- passwordRef
- username
type: object
project:
type: string
repo:
type: string
required:
- api
- project
- repo
type: object
filters:
items:
properties:
branchMatch:
type: string
type: object
type: array
gitea:
properties:
api:
type: string
insecure:
type: boolean
owner:
type: string
repo:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- api
- owner
- repo
type: object
github:
properties:
api:
type: string
appSecretName:
type: string
labels:
items:
type: string
type: array
owner:
type: string
repo:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- owner
- repo
type: object
gitlab:
properties:
api:
type: string
labels:
items:
type: string
type: array
project:
type: string
pullRequestState:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- project
type: object
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
type: object
scmProvider:
properties:
azureDevOps:
properties:
accessTokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
allBranches:
type: boolean
api:
type: string
organization:
type: string
teamProject:
type: string
required:
- accessTokenRef
- organization
- teamProject
type: object
bitbucket:
properties:
allBranches:
type: boolean
appPasswordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
owner:
type: string
user:
type: string
required:
- appPasswordRef
- owner
- user
type: object
bitbucketServer:
properties:
allBranches:
type: boolean
api:
type: string
basicAuth:
properties:
passwordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
username:
type: string
required:
- passwordRef
- username
type: object
project:
type: string
required:
- api
- project
type: object
cloneProtocol:
type: string
filters:
items:
properties:
branchMatch:
type: string
labelMatch:
type: string
pathsDoNotExist:
items:
type: string
type: array
pathsExist:
items:
type: string
type: array
repositoryMatch:
type: string
type: object
type: array
gitea:
properties:
allBranches:
type: boolean
api:
type: string
insecure:
type: boolean
owner:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- api
- owner
type: object
github:
properties:
allBranches:
type: boolean
api:
type: string
appSecretName:
type: string
organization:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- organization
type: object
gitlab:
properties:
allBranches:
type: boolean
api:
type: string
group:
type: string
includeSubgroups:
type: boolean
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- group
type: object
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
type: object
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
type: object
type: array
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- generators
type: object
merge:
properties:
generators:
items:
properties:
clusterDecisionResource:
properties:
configMapRef:
type: string
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
name:
type: string
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
values:
additionalProperties:
type: string
type: object
required:
- configMapRef
type: object
clusters:
properties:
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
values:
additionalProperties:
type: string
type: object
type: object
git:
properties:
directories:
items:
properties:
exclude:
type: boolean
path:
type: string
required:
- path
type: object
type: array
files:
items:
properties:
path:
type: string
required:
- path
type: object
type: array
repoURL:
type: string
requeueAfterSeconds:
format: int64
type: integer
revision:
type: string
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- repoURL
- revision
type: object
list:
properties:
elements:
items:
x-kubernetes-preserve-unknown-fields: true
type: array
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- elements
type: object
matrix:
x-kubernetes-preserve-unknown-fields: true
merge:
x-kubernetes-preserve-unknown-fields: true
pullRequest:
properties:
bitbucketServer:
properties:
api:
type: string
basicAuth:
properties:
passwordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
username:
type: string
required:
- passwordRef
- username
type: object
project:
type: string
repo:
type: string
required:
- api
- project
- repo
type: object
filters:
items:
properties:
branchMatch:
type: string
type: object
type: array
gitea:
properties:
api:
type: string
insecure:
type: boolean
owner:
type: string
repo:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- api
- owner
- repo
type: object
github:
properties:
api:
type: string
appSecretName:
type: string
labels:
items:
type: string
type: array
owner:
type: string
repo:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- owner
- repo
type: object
gitlab:
properties:
api:
type: string
labels:
items:
type: string
type: array
project:
type: string
pullRequestState:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- project
type: object
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
type: object
scmProvider:
properties:
azureDevOps:
properties:
accessTokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
allBranches:
type: boolean
api:
type: string
organization:
type: string
teamProject:
type: string
required:
- accessTokenRef
- organization
- teamProject
type: object
bitbucket:
properties:
allBranches:
type: boolean
appPasswordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
owner:
type: string
user:
type: string
required:
- appPasswordRef
- owner
- user
type: object
bitbucketServer:
properties:
allBranches:
type: boolean
api:
type: string
basicAuth:
properties:
passwordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
username:
type: string
required:
- passwordRef
- username
type: object
project:
type: string
required:
- api
- project
type: object
cloneProtocol:
type: string
filters:
items:
properties:
branchMatch:
type: string
labelMatch:
type: string
pathsDoNotExist:
items:
type: string
type: array
pathsExist:
items:
type: string
type: array
repositoryMatch:
type: string
type: object
type: array
gitea:
properties:
allBranches:
type: boolean
api:
type: string
insecure:
type: boolean
owner:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- api
- owner
type: object
github:
properties:
allBranches:
type: boolean
api:
type: string
appSecretName:
type: string
organization:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- organization
type: object
gitlab:
properties:
allBranches:
type: boolean
api:
type: string
group:
type: string
includeSubgroups:
type: boolean
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- group
type: object
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
type: object
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
type: object
type: array
mergeKeys:
items:
type: string
type: array
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- generators
- mergeKeys
type: object
pullRequest:
properties:
bitbucketServer:
properties:
api:
type: string
basicAuth:
properties:
passwordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
username:
type: string
required:
- passwordRef
- username
type: object
project:
type: string
repo:
type: string
required:
- api
- project
- repo
type: object
filters:
items:
properties:
branchMatch:
type: string
type: object
type: array
gitea:
properties:
api:
type: string
insecure:
type: boolean
owner:
type: string
repo:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- api
- owner
- repo
type: object
github:
properties:
api:
type: string
appSecretName:
type: string
labels:
items:
type: string
type: array
owner:
type: string
repo:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- owner
- repo
type: object
gitlab:
properties:
api:
type: string
labels:
items:
type: string
type: array
project:
type: string
pullRequestState:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- project
type: object
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
type: object
scmProvider:
properties:
azureDevOps:
properties:
accessTokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
allBranches:
type: boolean
api:
type: string
organization:
type: string
teamProject:
type: string
required:
- accessTokenRef
- organization
- teamProject
type: object
bitbucket:
properties:
allBranches:
type: boolean
appPasswordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
owner:
type: string
user:
type: string
required:
- appPasswordRef
- owner
- user
type: object
bitbucketServer:
properties:
allBranches:
type: boolean
api:
type: string
basicAuth:
properties:
passwordRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
username:
type: string
required:
- passwordRef
- username
type: object
project:
type: string
required:
- api
- project
type: object
cloneProtocol:
type: string
filters:
items:
properties:
branchMatch:
type: string
labelMatch:
type: string
pathsDoNotExist:
items:
type: string
type: array
pathsExist:
items:
type: string
type: array
repositoryMatch:
type: string
type: object
type: array
gitea:
properties:
allBranches:
type: boolean
api:
type: string
insecure:
type: boolean
owner:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- api
- owner
type: object
github:
properties:
allBranches:
type: boolean
api:
type: string
appSecretName:
type: string
organization:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- organization
type: object
gitlab:
properties:
allBranches:
type: boolean
api:
type: string
group:
type: string
includeSubgroups:
type: boolean
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- group
type: object
requeueAfterSeconds:
format: int64
type: integer
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
type: object
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
type: object
type: array
goTemplate:
type: boolean
syncPolicy:
properties:
preserveResourcesOnDeletion:
type: boolean
type: object
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
spec:
properties:
destination:
properties:
name:
type: string
namespace:
type: string
server:
type: string
type: object
ignoreDifferences:
items:
properties:
group:
type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers:
items:
type: string
type: array
kind:
type: string
managedFieldsManagers:
items:
type: string
type: array
name:
type: string
namespace:
type: string
required:
- kind
type: object
type: array
info:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
project:
type: string
revisionHistoryLimit:
format: int64
type: integer
source:
properties:
chart:
type: string
directory:
properties:
exclude:
type: string
include:
type: string
jsonnet:
properties:
extVars:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
items:
type: string
type: array
tlas:
items:
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
type: boolean
type: object
helm:
properties:
fileParameters:
items:
properties:
name:
type: string
path:
type: string
type: object
type: array
ignoreMissingValueFiles:
type: boolean
parameters:
items:
properties:
forceString:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
passCredentials:
type: boolean
releaseName:
type: string
skipCrds:
type: boolean
valueFiles:
items:
type: string
type: array
values:
type: string
version:
type: string
type: object
kustomize:
properties:
commonAnnotations:
additionalProperties:
type: string
type: object
commonLabels:
additionalProperties:
type: string
type: object
forceCommonAnnotations:
type: boolean
forceCommonLabels:
type: boolean
images:
items:
type: string
type: array
namePrefix:
type: string
nameSuffix:
type: string
version:
type: string
type: object
path:
type: string
plugin:
properties:
env:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
name:
type: string
type: object
repoURL:
type: string
targetRevision:
type: string
required:
- repoURL
type: object
syncPolicy:
properties:
automated:
properties:
allowEmpty:
type: boolean
prune:
type: boolean
selfHeal:
type: boolean
type: object
retry:
properties:
backoff:
properties:
duration:
type: string
factor:
format: int64
type: integer
maxDuration:
type: string
type: object
limit:
format: int64
type: integer
type: object
syncOptions:
items:
type: string
type: array
type: object
required:
- destination
- project
- source
type: object
required:
- metadata
- spec
type: object
required:
- generators
- template
type: object
status:
properties:
conditions:
items:
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
required:
- message
- reason
- status
- type
type: object
type: array
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
name: appprojects.argoproj.io
spec:
group: argoproj.io
names:
kind: AppProject
listKind: AppProjectList
plural: appprojects
shortNames:
- appproj
- appprojs
singular: appproject
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what
may be deployed (repository whitelist, resource whitelist/blacklist) * who
can access these applications (roles, OIDC group claims bindings) * and
what they can do (RBAC policies) * automation access to these roles (JWT
tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available
for deployment
items:
description: ApplicationDestination holds information about the
application's destination
properties:
name:
description: Name is an alternate way of specifying the target
cluster by its symbolic name
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster
and must be set to the Kubernetes control plane API
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
ignore:
description: Ignore contains a list of resources that are to be
excluded from orphaned resources monitoring
items:
description: OrphanedResourceKey is a reference to a resource
to be ignored from
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
permitOnlyProjectScopedClusters:
description: PermitOnlyProjectScopedClusters determines whether destinations
can only reference clusters which are project-scoped
type: boolean
roles:
description: Roles are user defined RBAC roles associated with this
project
items:
description: ProjectRole represents a role that has access to a
project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to
this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound
to this role
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formatted strings
that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
signatureKeys:
description: SignatureKeys contains a list of PGP key IDs that commits
in Git must be signed with in order to be allowed for sync
items:
description: SignatureKey is the specification of a key required
to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceNamespaces:
description: SourceNamespaces defines the namespaces application resources
are allowed to be created in
items:
type: string
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
items:
description: SyncWindow contains the kind, time, duration and attributes
that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window
will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would
otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
type: string
timeZone:
description: TimeZone of the sync that will be applied to the
schedule
type: string
type: object
type: array
type: object
status:
description: AppProjectStatus contains status information for AppProject
CRs
properties:
jwtTokensByRole:
additionalProperties:
description: JWTTokens represents a list of JWT tokens
properties:
items:
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
type: object
description: JWTTokensByRole contains a list of JWT tokens issued
for a given role
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd-applicationset
name: argocd-applicationset-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha-haproxy
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-haproxy
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd-applicationset
name: argocd-applicationset-controller
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argocd-notifications-controller
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resourceNames:
- argocd-notifications-cm
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resourceNames:
- argocd-notifications-secret
resources:
- secrets
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-haproxy
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
- applicationsets
verbs:
- create
- get
- list
- watch
- update
- delete
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- delete
- get
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- apiGroups:
- argoproj.io
resources:
- applications
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-application-controller
subjects:
- kind: ServiceAccount
name: argocd-application-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd-applicationset
name: argocd-applicationset-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-applicationset-controller
subjects:
- kind: ServiceAccount
name: argocd-applicationset-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-dex-server
subjects:
- kind: ServiceAccount
name: argocd-dex-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argocd-notifications-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-notifications-controller
subjects:
- kind: ServiceAccount
name: argocd-notifications-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-redis-ha
subjects:
- kind: ServiceAccount
name: argocd-redis-ha
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-haproxy
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-redis-ha-haproxy
subjects:
- kind: ServiceAccount
name: argocd-redis-ha-haproxy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-server
subjects:
- kind: ServiceAccount
name: argocd-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argocd-application-controller
subjects:
- kind: ServiceAccount
name: argocd-application-controller
namespace: argocd
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argocd-server
subjects:
- kind: ServiceAccount
name: argocd-server
namespace: argocd
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
name: argocd-cmd-params-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-gpg-keys-cm
app.kubernetes.io/part-of: argocd
name: argocd-gpg-keys-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-notifications-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-rbac-cm
app.kubernetes.io/part-of: argocd
name: argocd-rbac-cm
---
apiVersion: v1
data:
fix-split-brain.sh: |
HOSTNAME="$(hostname)"
INDEX="${HOSTNAME##*-}"
SENTINEL_PORT=26379
ANNOUNCE_IP=''
MASTER=''
MASTER_GROUP="argocd"
QUORUM="2"
REDIS_CONF=/data/conf/redis.conf
REDIS_PORT=6379
REDIS_TLS_PORT=
SENTINEL_CONF=/data/conf/sentinel.conf
SENTINEL_TLS_PORT=
SERVICE=argocd-redis-ha
SENTINEL_TLS_REPLICATION_ENABLED=false
REDIS_TLS_REPLICATION_ENABLED=false
ROLE=''
REDIS_MASTER=''
set -eu
sentinel_get_master() {
set +e
if [ "$SENTINEL_PORT" -eq 0 ]; then
redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
else
redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
fi
set -e
}
sentinel_get_master_retry() {
master=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
master=$(sentinel_get_master)
if [ -n "${master}" ]; then
break
fi
sleep $((sleep + i))
done
echo "${master}"
}
identify_master() {
echo "Identifying redis master (get-master-addr-by-name).."
echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)"
MASTER="$(sentinel_get_master_retry 3)"
if [ -n "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
else
echo " $(date) Did not find redis master (${MASTER})"
fi
}
sentinel_update() {
echo "Updating sentinel config.."
echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
echo " redis master (${1}:${REDIS_TLS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
else
echo " redis master (${1}:${REDIS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
fi
echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
else
echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
fi
}
redis_update() {
echo "Updating redis config.."
if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
else
echo " we are slave of redis master (${1}:${REDIS_PORT})"
echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
fi
echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
}
copy_config() {
echo "Copying default redis config.."
echo " to '${REDIS_CONF}'"
cp /readonly-config/redis.conf "${REDIS_CONF}"
echo "Copying default sentinel config.."
echo " to '${SENTINEL_CONF}'"
cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
}
setup_defaults() {
echo "Setting up defaults.."
echo " using statefulset index (${INDEX})"
if [ "${INDEX}" = "0" ]; then
echo "Setting this pod as master for redis and sentinel.."
echo " using announce (${ANNOUNCE_IP})"
redis_update "${ANNOUNCE_IP}"
sentinel_update "${ANNOUNCE_IP}"
echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
else
echo "Getting redis master ip.."
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
if [ -z "${DEFAULT_MASTER}" ]; then
echo "Error: Unable to resolve redis master (getent hosts)."
exit 1
fi
echo "Setting default slave config for redis and sentinel.."
echo " using master ip (${DEFAULT_MASTER})"
redis_update "${DEFAULT_MASTER}"
sentinel_update "${DEFAULT_MASTER}"
fi
}
redis_ping() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
else
redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping
fi
set -e
}
redis_ping_retry() {
ping=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
if [ "$(redis_ping)" = "PONG" ]; then
ping='PONG'
break
fi
sleep $((sleep + i))
MASTER=$(sentinel_get_master)
done
echo "${ping}"
}
find_master() {
echo "Verifying redis master.."
if [ "$REDIS_PORT" -eq 0 ]; then
echo " ping (${MASTER}:${REDIS_TLS_PORT})"
else
echo " ping (${MASTER}:${REDIS_PORT})"
fi
if [ "$(redis_ping_retry 3)" != "PONG" ]; then
echo " $(date) Can't ping redis master (${MASTER})"
echo "Attempting to force failover (sentinel failover).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
else
echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
fi
echo "Hold on for 10sec"
sleep 10
echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
else
echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
fi
MASTER="$(sentinel_get_master)"
if [ "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
else
echo "$(date) Error: Could not failover, exiting..."
exit 1
fi
else
echo " $(date) Found reachable redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
fi
}
redis_ro_update() {
echo "Updating read-only redis config.."
echo " redis.conf set 'replica-priority 0'"
echo "replica-priority 0" >> ${REDIS_CONF}
}
getent_hosts() {
index=${1:-${INDEX}}
service="${SERVICE}-announce-${index}"
pod="${SERVICE}-server-${index}"
host=$(getent hosts "${service}")
if [ -z "${host}" ]; then
host=$(getent hosts "${pod}")
fi
echo "${host}"
}
identify_announce_ip() {
echo "Identify announce ip for this pod.."
echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
echo " identified announce (${ANNOUNCE_IP})"
}
redis_role() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//')
else
ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//')
fi
set -e
}
identify_redis_master() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//')
else
REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//')
fi
set -e
}
reinit() {
set +e
sh /readonly-config/init.sh
if [ "$REDIS_PORT" -eq 0 ]; then
echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key
else
echo "shutdown" | redis-cli -p "${REDIS_PORT}"
fi
set -e
}
identify_announce_ip
while true; do
sleep 60
# where is redis master
identify_master
if [ "$MASTER" == "$ANNOUNCE_IP" ]; then
redis_role
if [ "$ROLE" != "master" ]; then
reinit
fi
else
identify_redis_master
if [ "$REDIS_MASTER" != "$MASTER" ]; then
reinit
fi
fi
done
haproxy.cfg: |
defaults REDIS
mode tcp
timeout connect 4s
timeout server 6m
timeout client 6m
timeout check 2s
listen health_check_http_url
bind [::]:8888 v4v6
mode http
monitor-uri /healthz
option dontlognull
# Check Sentinel and whether they are nominated master
backend check_if_redis_is_master_0
mode tcp
option tcp-check
tcp-check connect
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
tcp-check expect string REPLACE_ANNOUNCE0
tcp-check send QUIT\r\n
tcp-check expect string +OK
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
# Check Sentinel and whether they are nominated master
backend check_if_redis_is_master_1
mode tcp
option tcp-check
tcp-check connect
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
tcp-check expect string REPLACE_ANNOUNCE1
tcp-check send QUIT\r\n
tcp-check expect string +OK
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
# Check Sentinel and whether they are nominated master
backend check_if_redis_is_master_2
mode tcp
option tcp-check
tcp-check connect
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
tcp-check expect string REPLACE_ANNOUNCE2
tcp-check send QUIT\r\n
tcp-check expect string +OK
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
# decide redis backend to use
#master
frontend ft_redis_master
bind [::]:6379 v4v6
use_backend bk_redis_master
# Check all redis servers to see if they think they are master
backend bk_redis_master
mode tcp
option tcp-check
tcp-check connect
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:master
tcp-check send QUIT\r\n
tcp-check expect string +OK
use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }
server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1
use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }
server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise 1
use-server R2 if { srv_is_up(R2) } { nbsrv(check_if_redis_is_master_2) ge 2 }
server R2 argocd-redis-ha-announce-2:6379 check inter 3s fall 1 rise 1
haproxy_init.sh: |
HAPROXY_CONF=/data/haproxy.cfg
cp /readonly/haproxy.cfg "$HAPROXY_CONF"
for loop in $(seq 1 10); do
getent hosts argocd-redis-ha-announce-0 && break
echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
done
ANNOUNCE_IP0=$(getent hosts "argocd-redis-ha-announce-0" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP0" ]; then
echo "Could not resolve the announce ip for argocd-redis-ha-announce-0"
exit 1
fi
sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF"
for loop in $(seq 1 10); do
getent hosts argocd-redis-ha-announce-1 && break
echo "Waiting for service argocd-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1
done
ANNOUNCE_IP1=$(getent hosts "argocd-redis-ha-announce-1" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP1" ]; then
echo "Could not resolve the announce ip for argocd-redis-ha-announce-1"
exit 1
fi
sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF"
for loop in $(seq 1 10); do
getent hosts argocd-redis-ha-announce-2 && break
echo "Waiting for service argocd-redis-ha-announce-2 to be ready ($loop) ..." && sleep 1
done
ANNOUNCE_IP2=$(getent hosts "argocd-redis-ha-announce-2" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP2" ]; then
echo "Could not resolve the announce ip for argocd-redis-ha-announce-2"
exit 1
fi
sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
init.sh: |
echo "$(date) Start..."
HOSTNAME="$(hostname)"
INDEX="${HOSTNAME##*-}"
SENTINEL_PORT=26379
ANNOUNCE_IP=''
MASTER=''
MASTER_GROUP="argocd"
QUORUM="2"
REDIS_CONF=/data/conf/redis.conf
REDIS_PORT=6379
REDIS_TLS_PORT=
SENTINEL_CONF=/data/conf/sentinel.conf
SENTINEL_TLS_PORT=
SERVICE=argocd-redis-ha
SENTINEL_TLS_REPLICATION_ENABLED=false
REDIS_TLS_REPLICATION_ENABLED=false
set -eu
sentinel_get_master() {
set +e
if [ "$SENTINEL_PORT" -eq 0 ]; then
redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
else
redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
fi
set -e
}
sentinel_get_master_retry() {
master=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
master=$(sentinel_get_master)
if [ -n "${master}" ]; then
break
fi
sleep $((sleep + i))
done
echo "${master}"
}
identify_master() {
echo "Identifying redis master (get-master-addr-by-name).."
echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)"
MASTER="$(sentinel_get_master_retry 3)"
if [ -n "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
else
echo " $(date) Did not find redis master (${MASTER})"
fi
}
sentinel_update() {
echo "Updating sentinel config.."
echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
echo " redis master (${1}:${REDIS_TLS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
else
echo " redis master (${1}:${REDIS_PORT})"
sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
fi
echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
else
echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
fi
}
redis_update() {
echo "Updating redis config.."
if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
else
echo " we are slave of redis master (${1}:${REDIS_PORT})"
echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
fi
echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
}
copy_config() {
echo "Copying default redis config.."
echo " to '${REDIS_CONF}'"
cp /readonly-config/redis.conf "${REDIS_CONF}"
echo "Copying default sentinel config.."
echo " to '${SENTINEL_CONF}'"
cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
}
setup_defaults() {
echo "Setting up defaults.."
echo " using statefulset index (${INDEX})"
if [ "${INDEX}" = "0" ]; then
echo "Setting this pod as master for redis and sentinel.."
echo " using announce (${ANNOUNCE_IP})"
redis_update "${ANNOUNCE_IP}"
sentinel_update "${ANNOUNCE_IP}"
echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
else
echo "Getting redis master ip.."
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
if [ -z "${DEFAULT_MASTER}" ]; then
echo "Error: Unable to resolve redis master (getent hosts)."
exit 1
fi
echo "Setting default slave config for redis and sentinel.."
echo " using master ip (${DEFAULT_MASTER})"
redis_update "${DEFAULT_MASTER}"
sentinel_update "${DEFAULT_MASTER}"
fi
}
redis_ping() {
set +e
if [ "$REDIS_PORT" -eq 0 ]; then
redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
else
redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping
fi
set -e
}
redis_ping_retry() {
ping=''
retry=${1}
sleep=3
for i in $(seq 1 "${retry}"); do
if [ "$(redis_ping)" = "PONG" ]; then
ping='PONG'
break
fi
sleep $((sleep + i))
MASTER=$(sentinel_get_master)
done
echo "${ping}"
}
find_master() {
echo "Verifying redis master.."
if [ "$REDIS_PORT" -eq 0 ]; then
echo " ping (${MASTER}:${REDIS_TLS_PORT})"
else
echo " ping (${MASTER}:${REDIS_PORT})"
fi
if [ "$(redis_ping_retry 3)" != "PONG" ]; then
echo " $(date) Can't ping redis master (${MASTER})"
echo "Attempting to force failover (sentinel failover).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
else
echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
echo " $(date) Failover returned with 'NOGOODSLAVE'"
echo "Setting defaults for this pod.."
setup_defaults
return 0
fi
fi
echo "Hold on for 10sec"
sleep 10
echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
if [ "$SENTINEL_PORT" -eq 0 ]; then
echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
else
echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
fi
MASTER="$(sentinel_get_master)"
if [ "${MASTER}" ]; then
echo " $(date) Found redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
else
echo "$(date) Error: Could not failover, exiting..."
exit 1
fi
else
echo " $(date) Found reachable redis master (${MASTER})"
echo "Updating redis and sentinel config.."
sentinel_update "${MASTER}"
redis_update "${MASTER}"
fi
}
redis_ro_update() {
echo "Updating read-only redis config.."
echo " redis.conf set 'replica-priority 0'"
echo "replica-priority 0" >> ${REDIS_CONF}
}
getent_hosts() {
index=${1:-${INDEX}}
service="${SERVICE}-announce-${index}"
pod="${SERVICE}-server-${index}"
host=$(getent hosts "${service}")
if [ -z "${host}" ]; then
host=$(getent hosts "${pod}")
fi
echo "${host}"
}
identify_announce_ip() {
echo "Identify announce ip for this pod.."
echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
echo " identified announce (${ANNOUNCE_IP})"
}
mkdir -p /data/conf/
echo "Initializing config.."
copy_config
# where is redis master
identify_master
identify_announce_ip
if [ -z "${ANNOUNCE_IP}" ]; then
"Error: Could not resolve the announce ip for this pod."
exit 1
elif [ "${MASTER}" ]; then
find_master
else
setup_defaults
fi
if [ "${AUTH:-}" ]; then
echo "Setting redis auth values.."
ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
fi
if [ "${SENTINELAUTH:-}" ]; then
echo "Setting sentinel auth values"
ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
fi
echo "$(date) Ready..."
redis.conf: |
dir "/data"
port 6379
rename-command FLUSHDB ""
rename-command FLUSHALL ""
bind 0.0.0.0
maxmemory 0
maxmemory-policy volatile-lru
min-replicas-max-lag 5
min-replicas-to-write 1
rdbchecksum yes
rdbcompression yes
repl-diskless-sync yes
save ""
sentinel.conf: |
dir "/data"
port 26379
bind 0.0.0.0
sentinel down-after-milliseconds argocd 10000
sentinel failover-timeout argocd 180000
maxclients 10000
sentinel parallel-syncs argocd 5
trigger-failover-if-master.sh: |
get_redis_role() {
is_master=$(
redis-cli \
-h localhost \
-p 6379 \
info | grep -c 'role:master' || true
)
}
get_redis_role
if [[ "$is_master" -eq 1 ]]; then
echo "This node is currently master, we trigger a failover."
response=$(
redis-cli \
-h localhost \
-p 26379 \
SENTINEL failover argocd
)
if [[ "$response" != "OK" ]] ; then
echo "$response"
exit 1
fi
timeout=30
while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do
sleep 1
get_redis_role
timeout=$((timeout - 1))
done
echo "Failover successful"
fi
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-configmap
---
apiVersion: v1
data:
redis_liveness.sh: |
response=$(
redis-cli \
-h localhost \
-p 6379 \
ping
)
if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then
echo "$response"
exit 1
fi
echo "response=$response"
redis_readiness.sh: |
response=$(
redis-cli \
-h localhost \
-p 6379 \
ping
)
if [ "$response" != "PONG" ] ; then
echo "$response"
exit 1
fi
echo "response=$response"
sentinel_liveness.sh: |
response=$(
redis-cli \
-h localhost \
-p 26379 \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
echo "response=$response"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-health-configmap
---
apiVersion: v1
data:
ssh_known_hosts: |-
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-ssh-known-hosts-cm
app.kubernetes.io/part-of: argocd
name: argocd-ssh-known-hosts-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-tls-certs-cm
app.kubernetes.io/part-of: argocd
name: argocd-tls-certs-cm
---
apiVersion: v1
kind: Secret
metadata:
name: argocd-notifications-secret
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/name: argocd-secret
app.kubernetes.io/part-of: argocd
name: argocd-secret
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd-applicationset
name: argocd-applicationset-controller
spec:
ports:
- name: webhook
port: 7000
protocol: TCP
targetPort: webhook
- name: metrics
port: 8080
protocol: TCP
targetPort: metrics
selector:
app.kubernetes.io/name: argocd-applicationset-controller
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
spec:
ports:
- name: http
port: 5556
protocol: TCP
targetPort: 5556
- name: grpc
port: 5557
protocol: TCP
targetPort: 5557
- name: metrics
port: 5558
protocol: TCP
targetPort: 5558
selector:
app.kubernetes.io/name: argocd-dex-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/name: argocd-metrics
app.kubernetes.io/part-of: argocd
name: argocd-metrics
spec:
ports:
- name: metrics
port: 8082
protocol: TCP
targetPort: 8082
selector:
app.kubernetes.io/name: argocd-application-controller
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: argocd-notifications-controller-metrics
name: argocd-notifications-controller-metrics
spec:
ports:
- name: metrics
port: 9001
protocol: TCP
targetPort: 9001
selector:
app.kubernetes.io/name: argocd-notifications-controller
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha
spec:
clusterIP: None
ports:
- name: tcp-server
port: 6379
protocol: TCP
targetPort: redis
- name: tcp-sentinel
port: 26379
protocol: TCP
targetPort: sentinel
selector:
app.kubernetes.io/name: argocd-redis-ha
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-announce-0
spec:
ports:
- name: tcp-server
port: 6379
protocol: TCP
targetPort: redis
- name: tcp-sentinel
port: 26379
protocol: TCP
targetPort: sentinel
publishNotReadyAddresses: true
selector:
app.kubernetes.io/name: argocd-redis-ha
statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-0
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-announce-1
spec:
ports:
- name: tcp-server
port: 6379
protocol: TCP
targetPort: redis
- name: tcp-sentinel
port: 26379
protocol: TCP
targetPort: sentinel
publishNotReadyAddresses: true
selector:
app.kubernetes.io/name: argocd-redis-ha
statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-1
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-announce-2
spec:
ports:
- name: tcp-server
port: 6379
protocol: TCP
targetPort: redis
- name: tcp-sentinel
port: 26379
protocol: TCP
targetPort: sentinel
publishNotReadyAddresses: true
selector:
app.kubernetes.io/name: argocd-redis-ha
statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-2
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha-haproxy
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-haproxy
spec:
ports:
- name: tcp-haproxy
port: 6379
protocol: TCP
targetPort: redis
selector:
app.kubernetes.io/name: argocd-redis-ha-haproxy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
spec:
ports:
- name: server
port: 8081
protocol: TCP
targetPort: 8081
- name: metrics
port: 8084
protocol: TCP
targetPort: 8084
selector:
app.kubernetes.io/name: argocd-repo-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/name: argocd-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server-metrics
app.kubernetes.io/part-of: argocd
name: argocd-server-metrics
spec:
ports:
- name: metrics
port: 8083
protocol: TCP
targetPort: 8083
selector:
app.kubernetes.io/name: argocd-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd-applicationset
name: argocd-applicationset-controller
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-applicationset-controller
template:
metadata:
labels:
app.kubernetes.io/name: argocd-applicationset-controller
spec:
containers:
- command:
- entrypoint.sh
- argocd-applicationset-controller
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.leader.election
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.namespace
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.policy
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.debug
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.dryrun
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
- containerPort: 7000
name: webhook
- containerPort: 8080
name: metrics
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /tmp
name: tmp
serviceAccountName: argocd-applicationset-controller
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- emptyDir: {}
name: tmp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-dex-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- command:
- /shared/argocd-dex
- rundex
env:
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: dexserver.disable.tls
name: argocd-cmd-params-cm
optional: true
image: ghcr.io/dexidp/dex:v2.35.3-distroless
imagePullPolicy: Always
name: dex
ports:
- containerPort: 5556
- containerPort: 5557
- containerPort: 5558
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
- mountPath: /tls
name: argocd-dex-server-tls
initContainers:
- command:
- cp
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
serviceAccountName: argocd-dex-server
volumes:
- emptyDir: {}
name: static-files
- emptyDir: {}
name: dexconfig
- name: argocd-dex-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-dex-server-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-notifications-controller
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-notifications-controller
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: argocd-notifications-controller
spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
tcpSocket:
port: 9001
name: argocd-notifications-controller
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
workingDir: /app
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: argocd-notifications-controller
volumes:
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha-haproxy
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-haproxy
spec:
replicas: 3
revisionHistoryLimit: 1
selector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
strategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 33967cee643b636d6e9a66e82b7f85814ceb8c55fba7a1d8af439ef056934e5c
labels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
name: argocd-redis-ha-haproxy
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
topologyKey: kubernetes.io/hostname
containers:
- image: haproxy:2.6.2-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: 8888
initialDelaySeconds: 5
periodSeconds: 3
name: haproxy
ports:
- containerPort: 6379
name: redis
readinessProbe:
httpGet:
path: /healthz
port: 8888
initialDelaySeconds: 5
periodSeconds: 3
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /usr/local/etc/haproxy
name: data
- mountPath: /run/haproxy
name: shared-socket
initContainers:
- args:
- /readonly/haproxy_init.sh
command:
- sh
image: haproxy:2.6.2-alpine
imagePullPolicy: IfNotPresent
name: config-init
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /readonly
name: config-volume
readOnly: true
- mountPath: /data
name: data
securityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: argocd-redis-ha-haproxy
volumes:
- configMap:
name: argocd-redis-ha-configmap
name: config-volume
- emptyDir: {}
name: shared-socket
- emptyDir: {}
name: data
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-repo-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
containers:
- command:
- entrypoint.sh
- argocd-repo-server
- --redis
- argocd-redis-ha-haproxy:6379
env:
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: reposerver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: reposerver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: reposerver.disable.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: reposerver.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.repo.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.max.combined.directory.manifests.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.tar.exclusions
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: 8084
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 5
name: argocd-repo-server
ports:
- containerPort: 8081
- containerPort: 8084
readinessProbe:
httpGet:
path: /healthz
port: 8084
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
initContainers:
- command:
- cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
serviceAccountName: argocd-repo-server
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- emptyDir: {}
name: tmp
- emptyDir: {}
name: helm-working-dir
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: argocd-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
topologyKey: kubernetes.io/hostname
containers:
- command:
- argocd-server
- --redis
- argocd-redis-ha-haproxy:6379
env:
- name: ARGOCD_API_SERVER_REPLICAS
value: "2"
- name: ARGOCD_SERVER_INSECURE
valueFrom:
configMapKeyRef:
key: server.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_BASEHREF
valueFrom:
configMapKeyRef:
key: server.basehref
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_ROOTPATH
valueFrom:
configMapKeyRef:
key: server.rootpath
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: server.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: server.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DEX_SERVER
valueFrom:
configMapKeyRef:
key: server.dex.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DISABLE_AUTH
valueFrom:
configMapKeyRef:
key: server.disable.auth
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_ENABLE_GZIP
valueFrom:
configMapKeyRef:
key: server.enable.gzip
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: server.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_X_FRAME_OPTIONS
valueFrom:
configMapKeyRef:
key: server.x.frame.options
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY
valueFrom:
configMapKeyRef:
key: server.content.security.policy
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: server.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: server.repo.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: server.dex.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: server.dex.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: server.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: server.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: server.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.connection.status.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.oidc.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.login.attempts.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_STATIC_ASSETS
valueFrom:
configMapKeyRef:
key: server.staticassets
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.app.state.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_MAX_COOKIE_NUMBER
valueFrom:
configMapKeyRef:
key: server.http.cookie.maxnumber
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz?full=true
port: 8080
initialDelaySeconds: 3
periodSeconds: 30
timeoutSeconds: 5
name: argocd-server
ports:
- containerPort: 8080
- containerPort: 8083
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 3
periodSeconds: 30
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
- mountPath: /app/config/dex/tls
name: argocd-dex-server-tls
- mountPath: /home/argocd
name: plugins-home
- mountPath: /tmp
name: tmp
serviceAccountName: argocd-server
volumes:
- emptyDir: {}
name: plugins-home
- emptyDir: {}
name: tmp
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- name: argocd-dex-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-dex-server-tls
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
serviceName: argocd-application-controller
template:
metadata:
labels:
app.kubernetes.io/name: argocd-application-controller
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- command:
- argocd-application-controller
- --redis
- argocd-redis-ha-haproxy:6379
env:
- name: ARGOCD_CONTROLLER_REPLICAS
value: "1"
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.hard.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
key: controller.status.processors
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
valueFrom:
configMapKeyRef:
key: controller.operation.processors
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: controller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: controller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.metrics.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: controller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: controller.repo.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
key: controller.resource.health.persist
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.app.state.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
name: argocd-application-controller
ports:
- containerPort: 8082
readinessProbe:
httpGet:
path: /healthz
port: 8082
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
workingDir: /home/argocd
serviceAccountName: argocd-application-controller
volumes:
- emptyDir: {}
name: argocd-home
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis-ha
app.kubernetes.io/part-of: argocd
name: argocd-redis-ha-server
spec:
podManagementPolicy: OrderedReady
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
serviceName: argocd-redis-ha
template:
metadata:
annotations:
checksum/init-config: 226aec192d2f29b5355769c9f1fbf093bf36c3a1e15b574b71fb8fe73fd37c05
labels:
app.kubernetes.io/name: argocd-redis-ha
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
containers:
- args:
- /data/conf/redis.conf
command:
- redis-server
image: redis:7.0.5-alpine
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/sh
- /readonly-config/trigger-failover-if-master.sh
livenessProbe:
exec:
command:
- sh
- -c
- /health/redis_liveness.sh
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 15
name: redis
ports:
- containerPort: 6379
name: redis
readinessProbe:
exec:
command:
- sh
- -c
- /health/redis_readiness.sh
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 15
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /readonly-config
name: config
readOnly: true
- mountPath: /data
name: data
- mountPath: /health
name: health
- args:
- /data/conf/sentinel.conf
command:
- redis-sentinel
image: redis:7.0.5-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
exec:
command:
- sh
- -c
- /health/sentinel_liveness.sh
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 15
name: sentinel
ports:
- containerPort: 26379
name: sentinel
readinessProbe:
exec:
command:
- sh
- -c
- /health/sentinel_liveness.sh
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 15
successThreshold: 3
timeoutSeconds: 15
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /data
name: data
- mountPath: /health
name: health
- args:
- /readonly-config/fix-split-brain.sh
command:
- sh
env:
- name: SENTINEL_ID_0
value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
- name: SENTINEL_ID_1
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.5-alpine
imagePullPolicy: IfNotPresent
name: split-brain-fix
resources: {}
volumeMounts:
- mountPath: /readonly-config
name: config
readOnly: true
- mountPath: /data
name: data
initContainers:
- args:
- /readonly-config/init.sh
command:
- sh
env:
- name: SENTINEL_ID_0
value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
- name: SENTINEL_ID_1
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.5-alpine
imagePullPolicy: IfNotPresent
name: config-init
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /readonly-config
name: config
readOnly: true
- mountPath: /data
name: data
securityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: argocd-redis-ha
terminationGracePeriodSeconds: 60
volumes:
- configMap:
name: argocd-redis-ha-configmap
name: config
- configMap:
defaultMode: 493
name: argocd-redis-ha-health-configmap
name: health
- emptyDir: {}
name: data
updateStrategy:
type: RollingUpdate
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-application-controller-network-policy
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 8082
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-applicationset-controller-network-policy
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 7000
protocol: TCP
- port: 8080
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-applicationset-controller
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-dex-server-network-policy
spec:
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
ports:
- port: 5556
protocol: TCP
- port: 5557
protocol: TCP
- from:
- namespaceSelector: {}
ports:
- port: 5558
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-notifications-controller-network-policy
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 9001
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-notifications-controller
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-redis-ha-proxy-network-policy
spec:
egress:
- ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
to:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
to:
- namespaceSelector: {}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
policyTypes:
- Ingress
- Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-redis-ha-server-network-policy
spec:
egress:
- ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
to:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
to:
- namespaceSelector: {}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
policyTypes:
- Ingress
- Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-repo-server-network-policy
spec:
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-notifications-controller
ports:
- port: 8081
protocol: TCP
- from:
- namespaceSelector: {}
ports:
- port: 8084
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-server-network-policy
spec:
ingress:
- {}
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
policyTypes:
- Ingress