From 220edd6b02f481336dde46de6b776ba51ba41d6f Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 25 Jul 2022 22:08:58 +0200 Subject: [PATCH] upgrade argocd --- argocd/argocd.yaml | 1132 +++++++++++++++++++++----------------------- 1 file changed, 551 insertions(+), 581 deletions(-) diff --git a/argocd/argocd.yaml b/argocd/argocd.yaml index f9b00d7..4e3222d 100644 --- a/argocd/argocd.yaml +++ b/argocd/argocd.yaml @@ -283,35 +283,9 @@ spec: type: string version: description: Version is the Helm version to use for templating - (either "2" or "3") + ("3") type: string type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: description: Kustomize holds kustomize specific options properties: @@ -656,34 +630,9 @@ spec: type: string version: description: Version is the Helm version to use for templating - (either "2" or "3") + ("3") type: string type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter - override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: description: Kustomize holds kustomize specific options properties: 
@@ -1035,35 +984,9 @@ spec: type: string version: description: Version is the Helm version to use for - templating (either "2" or "3") + templating ("3") type: string type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: description: Kustomize holds kustomize specific options properties: @@ -1432,35 +1355,9 @@ spec: type: string version: description: Version is the Helm version to use - for templating (either "2" or "3") + for templating ("3") type: string type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet - component parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: description: Kustomize holds kustomize specific options properties: 
@@ -1803,35 +1700,9 @@ spec: type: string version: description: Version is the Helm version to use for - templating (either "2" or "3") + templating ("3") type: string type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: description: Kustomize holds kustomize specific options properties: @@ -2163,35 +2034,9 @@ spec: type: string version: description: Version is the Helm version to use for - templating (either "2" or "3") + templating ("3") type: string type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: description: Kustomize holds kustomize specific options properties: @@ -2308,9 +2153,8 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + labels: + app.kubernetes.io/name: applicationsets.argoproj.io name: applicationsets.argoproj.io spec: group: argoproj.io 
@@ -2534,25 +2378,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -2840,25 +2665,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -3148,25 +2954,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -3432,25 +3219,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -3746,25 +3514,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: 
@@ -4052,25 +3801,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -4360,25 +4090,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -4644,25 +4355,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -4764,6 +4456,69 @@ spec: x-kubernetes-preserve-unknown-fields: true pullRequest: properties: + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object github: properties: api: 
@@ -4956,25 +4711,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -5070,6 +4806,59 @@ spec: type: object scmProvider: properties: + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object cloneProtocol: type: string filters: @@ -5079,6 +4868,10 @@ spec: type: string labelMatch: type: string + pathsDoNotExist: + items: + type: string + type: array pathsExist: items: type: string @@ -5087,6 +4880,30 @@ spec: type: string type: object type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object github: properties: allBranches: 
@@ -5297,25 +5114,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -5574,25 +5372,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -5888,25 +5667,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -6194,25 +5954,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -6502,25 +6243,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: 
@@ -6786,25 +6508,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -6906,6 +6609,69 @@ spec: x-kubernetes-preserve-unknown-fields: true pullRequest: properties: + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object github: properties: api: @@ -7098,25 +6864,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: 
@@ -7212,6 +6959,59 @@ spec: type: object scmProvider: properties: + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object cloneProtocol: type: string filters: @@ -7221,6 +7021,10 @@ spec: type: string labelMatch: type: string + pathsDoNotExist: + items: + type: string + type: array pathsExist: items: type: string @@ -7229,6 +7033,30 @@ spec: type: string type: object type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object github: properties: allBranches: @@ -7439,25 +7267,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: 
@@ -7720,25 +7529,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -7837,6 +7627,69 @@ spec: type: object pullRequest: properties: + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object github: properties: api: @@ -8029,25 +7882,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: 
@@ -8143,6 +7977,59 @@ spec: type: object scmProvider: properties: + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object cloneProtocol: type: string filters: @@ -8152,6 +8039,10 @@ spec: type: string labelMatch: type: string + pathsDoNotExist: + items: + type: string + type: array pathsExist: items: type: string @@ -8160,6 +8051,30 @@ spec: type: string type: object type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object github: properties: allBranches: @@ -8370,25 +8285,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: 
@@ -8652,25 +8548,6 @@ spec: version: type: string type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object kustomize: properties: commonAnnotations: @@ -8799,12 +8676,6 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -9162,6 +9033,15 @@ metadata: --- apiVersion: v1 kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +--- +apiVersion: v1 +kind: ServiceAccount metadata: labels: app.kubernetes.io/component: server @@ -9221,7 +9101,6 @@ rules: - argoproj.io resources: - applications - - appprojects - applicationsets - applicationsets/finalizers verbs: @@ -9232,6 +9111,12 @@ rules: - patch - update - watch +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get - apiGroups: - argoproj.io resources: @@ -9576,7 +9461,6 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - creationTimestamp: null name: argocd-notifications-cm --- apiVersion: v1 @@ -9607,7 +9491,6 @@ metadata: name: argocd-ssh-known-hosts-cm --- apiVersion: v1 -data: null kind: ConfigMap metadata: labels: @@ -9644,6 +9527,10 @@ spec: port: 7000 protocol: TCP targetPort: webhook + - name: metrics + port: 8080 + protocol: TCP + targetPort: metrics selector: app.kubernetes.io/name: argocd-applicationset-controller --- 
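Review bot: The `metrics` port 8080 added to the `argocd-applicationset-controller` Service (hunk `@@ -9644,6 +9527,10 @@`) makes the controller's metrics endpoint addressable by anything that can reach the Service, and no NetworkPolicy for this component is added in the visible hunks. If the full file has no such policy, restrict ingress on 8080 to the monitoring namespace. Otherwise record the intent with a comment above the port entry, for example `# metrics: scraped by Prometheus only, see NetworkPolicy`. This looks like the upstream install manifest, so the restriction is probably better kept in an overlay than hand-edited here.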
@@ -9799,18 +9686,27 @@ spec: containers: - command: - entrypoint.sh - - applicationset-controller + - argocd-applicationset-controller env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/argoproj/argocd-applicationset:v0.4.1 + image: quay.io/argoproj/argocd:v2.4.7 imagePullPolicy: Always name: argocd-applicationset-controller ports: - containerPort: 7000 name: webhook + - containerPort: 8080 + name: metrics + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts @@ -9820,6 +9716,8 @@ spec: name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring + - mountPath: /tmp + name: tmp serviceAccountName: argocd-applicationset-controller volumes: - configMap: @@ -9833,6 +9731,8 @@ spec: name: gpg-keys - emptyDir: {} name: gpg-keyring + - emptyDir: {} + name: tmp --- apiVersion: apps/v1 kind: Deployment @@ -9873,6 +9773,9 @@ spec: - containerPort: 5558 securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true volumeMounts: @@ -9889,6 +9792,13 @@ spec: image: quay.io/argoproj/argocd:v2.4.7 imagePullPolicy: Always name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /shared name: static-files @@ -9925,6 +9835,12 @@ spec: tcpSocket: port: 9001 name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true volumeMounts: - mountPath: /app/config/tls name: tls-certs 
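Review bot: The applicationset-controller container now runs `image: quay.io/argoproj/argocd:v2.4.7`, a mutable tag combined with `imagePullPolicy: Always`, so every pod restart pulls whatever the registry currently serves under that tag. Pinning the digest next to the tag, as in `image: quay.io/argoproj/argocd:v2.4.7@sha256:DIGEST_FROM_RELEASE` (placeholder, take the value from the verified release), makes the running image reproducible and checkable against the release artefacts. The same applies to `image: redis:7.0.0-alpine` in hunk `@@ -9988,11 +9904,16 @@`. The Deployment's pod spec starts outside this hunk.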
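Review bot: The `securityContext` added to the `argocd-notifications-controller` container (hunk `@@ -9925,6 +9835,12 @@`) omits `runAsNonRoot: true`, which the other container blocks added in this commit (applicationset-controller and both copyutil containers) do set. Unless a pod-level `securityContext` outside this hunk already enforces it, add `runAsNonRoot: true` after `readOnlyRootFilesystem: true` so the kubelet refuses to start the container as UID 0. The pod spec continues beyond the hunk, so check this against the full Deployment.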
@@ -9988,11 +9904,16 @@ spec: - "" - --appendonly - "no" - image: redis:6.2.6-alpine + image: redis:7.0.0-alpine imagePullPolicy: Always name: redis ports: - containerPort: 6379 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all securityContext: runAsNonRoot: true runAsUser: 999 @@ -10033,10 +9954,9 @@ spec: automountServiceAccountToken: false containers: - command: - - entrypoint.sh - - argocd-repo-server - - --redis - - argocd-redis:6379 + - sh + - -c + - entrypoint.sh argocd-repo-server --redis argocd-redis:6379 env: - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: @@ -10110,6 +10030,24 @@ spec: key: reposerver.default.cache.expiration name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME @@ -10167,9 +10105,17 @@ spec: - /var/run/argocd/argocd-cmp-server image: quay.io/argoproj/argocd:v2.4.7 name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /var/run/argocd name: var-files + serviceAccountName: argocd-repo-server volumes: - configMap: name: argocd-ssh-known-hosts-cm 
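Review bot: The redis container's new `capabilities.drop` entry is spelled `all`, whereas the securityContext blocks added for the applicationset, dex and notifications containers use `ALL`. The repo-server copyutil block in hunk `@@ -10167,9 +10105,17 @@` has the same lowercase spelling. The Pod Security "restricted" profile looks for the literal `ALL`, and handling of a lowercase value may depend on the container runtime, so write `- ALL` in both places. If the file is kept byte-identical to upstream, apply the change through an overlay patch instead.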
@@ -10304,6 +10250,12 @@ spec: key: server.x.frame.options name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + key: server.content.security.policy + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -10388,6 +10340,12 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:v2.4.7 imagePullPolicy: Always livenessProbe: @@ -10430,8 +10388,6 @@ spec: name: plugins-home - emptyDir: {} name: tmp - - emptyDir: {} - name: static-files - configMap: name: argocd-ssh-known-hosts-cm name: ssh-known-hosts @@ -10488,12 +10444,20 @@ spec: - command: - argocd-application-controller env: + - name: ARGOCD_CONTROLLER_REPLICAS + value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: key: timeout.reconciliation name: argocd-cm optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.hard.reconciliation + name: argocd-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -10578,6 +10542,12 @@ spec: key: controller.default.cache.expiration name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:v2.4.7 imagePullPolicy: Always livenessProbe: