upgrade argocd for ssa
This commit is contained in:
parent
647189409b
commit
fab7d8492b
|
@ -1806,6 +1806,10 @@ spec:
|
|||
reconciled using the latest git version
|
||||
format: date-time
|
||||
type: string
|
||||
resourceHealthSource:
|
||||
description: 'ResourceHealthSource indicates where the resource health
|
||||
status is stored: inline if not set or appTree'
|
||||
type: string
|
||||
resources:
|
||||
description: Resources is a list of Kubernetes resources managed by
|
||||
this application
|
||||
|
@ -4523,6 +4527,8 @@ spec:
|
|||
properties:
|
||||
api:
|
||||
type: string
|
||||
appSecretName:
|
||||
type: string
|
||||
labels:
|
||||
items:
|
||||
type: string
|
||||
|
@ -4545,6 +4551,31 @@ spec:
|
|||
- owner
|
||||
- repo
|
||||
type: object
|
||||
gitlab:
|
||||
properties:
|
||||
api:
|
||||
type: string
|
||||
labels:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
project:
|
||||
type: string
|
||||
pullRequestState:
|
||||
type: string
|
||||
tokenRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
secretName:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
type: object
|
||||
required:
|
||||
- project
|
||||
type: object
|
||||
requeueAfterSeconds:
|
||||
format: int64
|
||||
type: integer
|
||||
|
@ -4806,6 +4837,31 @@ spec:
|
|||
type: object
|
||||
scmProvider:
|
||||
properties:
|
||||
azureDevOps:
|
||||
properties:
|
||||
accessTokenRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
secretName:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
type: object
|
||||
allBranches:
|
||||
type: boolean
|
||||
api:
|
||||
type: string
|
||||
organization:
|
||||
type: string
|
||||
teamProject:
|
||||
type: string
|
||||
required:
|
||||
- accessTokenRef
|
||||
- organization
|
||||
- teamProject
|
||||
type: object
|
||||
bitbucket:
|
||||
properties:
|
||||
allBranches:
|
||||
|
@ -4910,6 +4966,8 @@ spec:
|
|||
type: boolean
|
||||
api:
|
||||
type: string
|
||||
appSecretName:
|
||||
type: string
|
||||
organization:
|
||||
type: string
|
||||
tokenRef:
|
||||
|
@ -5207,6 +5265,29 @@ spec:
|
|||
- spec
|
||||
type: object
|
||||
type: object
|
||||
selector:
|
||||
properties:
|
||||
matchExpressions:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
operator:
|
||||
type: string
|
||||
values:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
template:
|
||||
|
@ -6676,6 +6757,8 @@ spec:
|
|||
properties:
|
||||
api:
|
||||
type: string
|
||||
appSecretName:
|
||||
type: string
|
||||
labels:
|
||||
items:
|
||||
type: string
|
||||
|
@ -6698,6 +6781,31 @@ spec:
|
|||
- owner
|
||||
- repo
|
||||
type: object
|
||||
gitlab:
|
||||
properties:
|
||||
api:
|
||||
type: string
|
||||
labels:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
project:
|
||||
type: string
|
||||
pullRequestState:
|
||||
type: string
|
||||
tokenRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
secretName:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
type: object
|
||||
required:
|
||||
- project
|
||||
type: object
|
||||
requeueAfterSeconds:
|
||||
format: int64
|
||||
type: integer
|
||||
|
@ -6959,6 +7067,31 @@ spec:
|
|||
type: object
|
||||
scmProvider:
|
||||
properties:
|
||||
azureDevOps:
|
||||
properties:
|
||||
accessTokenRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
secretName:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
type: object
|
||||
allBranches:
|
||||
type: boolean
|
||||
api:
|
||||
type: string
|
||||
organization:
|
||||
type: string
|
||||
teamProject:
|
||||
type: string
|
||||
required:
|
||||
- accessTokenRef
|
||||
- organization
|
||||
- teamProject
|
||||
type: object
|
||||
bitbucket:
|
||||
properties:
|
||||
allBranches:
|
||||
|
@ -7063,6 +7196,8 @@ spec:
|
|||
type: boolean
|
||||
api:
|
||||
type: string
|
||||
appSecretName:
|
||||
type: string
|
||||
organization:
|
||||
type: string
|
||||
tokenRef:
|
||||
|
@ -7360,6 +7495,29 @@ spec:
|
|||
- spec
|
||||
type: object
|
||||
type: object
|
||||
selector:
|
||||
properties:
|
||||
matchExpressions:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
operator:
|
||||
type: string
|
||||
values:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
mergeKeys:
|
||||
|
@ -7694,6 +7852,8 @@ spec:
|
|||
properties:
|
||||
api:
|
||||
type: string
|
||||
appSecretName:
|
||||
type: string
|
||||
labels:
|
||||
items:
|
||||
type: string
|
||||
|
@ -7716,6 +7876,31 @@ spec:
|
|||
- owner
|
||||
- repo
|
||||
type: object
|
||||
gitlab:
|
||||
properties:
|
||||
api:
|
||||
type: string
|
||||
labels:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
project:
|
||||
type: string
|
||||
pullRequestState:
|
||||
type: string
|
||||
tokenRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
secretName:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
type: object
|
||||
required:
|
||||
- project
|
||||
type: object
|
||||
requeueAfterSeconds:
|
||||
format: int64
|
||||
type: integer
|
||||
|
@ -7977,6 +8162,31 @@ spec:
|
|||
type: object
|
||||
scmProvider:
|
||||
properties:
|
||||
azureDevOps:
|
||||
properties:
|
||||
accessTokenRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
secretName:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
type: object
|
||||
allBranches:
|
||||
type: boolean
|
||||
api:
|
||||
type: string
|
||||
organization:
|
||||
type: string
|
||||
teamProject:
|
||||
type: string
|
||||
required:
|
||||
- accessTokenRef
|
||||
- organization
|
||||
- teamProject
|
||||
type: object
|
||||
bitbucket:
|
||||
properties:
|
||||
allBranches:
|
||||
|
@ -8081,6 +8291,8 @@ spec:
|
|||
type: boolean
|
||||
api:
|
||||
type: string
|
||||
appSecretName:
|
||||
type: string
|
||||
organization:
|
||||
type: string
|
||||
tokenRef:
|
||||
|
@ -8378,8 +8590,33 @@ spec:
|
|||
- spec
|
||||
type: object
|
||||
type: object
|
||||
selector:
|
||||
properties:
|
||||
matchExpressions:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
operator:
|
||||
type: string
|
||||
values:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
goTemplate:
|
||||
type: boolean
|
||||
syncPolicy:
|
||||
properties:
|
||||
preserveResourcesOnDeletion:
|
||||
|
@ -8838,6 +9075,10 @@ spec:
|
|||
for apps which have orphaned resources
|
||||
type: boolean
|
||||
type: object
|
||||
permitOnlyProjectScopedClusters:
|
||||
description: PermitOnlyProjectScopedClusters determines whether destinations
|
||||
can only reference clusters which are project-scoped
|
||||
type: boolean
|
||||
roles:
|
||||
description: Roles are user defined RBAC roles associated with this
|
||||
project
|
||||
|
@ -8900,6 +9141,12 @@ spec:
|
|||
- keyID
|
||||
type: object
|
||||
type: array
|
||||
sourceNamespaces:
|
||||
description: SourceNamespaces defines the namespaces application resources
|
||||
are allowed to be created in
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
sourceRepos:
|
||||
description: SourceRepos contains list of repository URLs which can
|
||||
be used for deployment
|
||||
|
@ -9020,6 +9267,10 @@ metadata:
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/component: notifications-controller
|
||||
app.kubernetes.io/name: argocd-notifications-controller
|
||||
app.kubernetes.io/part-of: argocd
|
||||
name: argocd-notifications-controller
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -9241,6 +9492,7 @@ rules:
|
|||
resources:
|
||||
- applications
|
||||
- appprojects
|
||||
- applicationsets
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
|
@ -9307,6 +9559,14 @@ rules:
|
|||
- pods/log
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- applications
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
|
@ -9692,7 +9952,7 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: quay.io/argoproj/argocd:v2.4.12
|
||||
image: quay.io/argoproj/argocd:v2.5.0-rc1
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
|
@ -9707,6 +9967,8 @@ spec:
|
|||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /app/config/ssh
|
||||
name: ssh-known-hosts
|
||||
|
@ -9764,7 +10026,14 @@ spec:
|
|||
- command:
|
||||
- /shared/argocd-dex
|
||||
- rundex
|
||||
image: ghcr.io/dexidp/dex:v2.32.0
|
||||
env:
|
||||
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: dexserver.disable.tls
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: ghcr.io/dexidp/dex:v2.35.1-distroless
|
||||
imagePullPolicy: Always
|
||||
name: dex
|
||||
ports:
|
||||
|
@ -9778,18 +10047,22 @@ spec:
|
|||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /shared
|
||||
name: static-files
|
||||
- mountPath: /tmp
|
||||
name: dexconfig
|
||||
- mountPath: /tls
|
||||
name: argocd-dex-server-tls
|
||||
initContainers:
|
||||
- command:
|
||||
- cp
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:v2.4.12
|
||||
image: quay.io/argoproj/argocd:v2.5.0-rc1
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
|
@ -9799,6 +10072,8 @@ spec:
|
|||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /shared
|
||||
name: static-files
|
||||
|
@ -9810,6 +10085,17 @@ spec:
|
|||
name: static-files
|
||||
- emptyDir: {}
|
||||
name: dexconfig
|
||||
- name: argocd-dex-server-tls
|
||||
secret:
|
||||
items:
|
||||
- key: tls.crt
|
||||
path: tls.crt
|
||||
- key: tls.key
|
||||
path: tls.key
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
optional: true
|
||||
secretName: argocd-dex-server-tls
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
|
@ -9829,7 +10115,7 @@ spec:
|
|||
containers:
|
||||
- command:
|
||||
- argocd-notifications
|
||||
image: quay.io/argoproj/argocd:v2.4.12
|
||||
image: quay.io/argoproj/argocd:v2.5.0-rc1
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
|
@ -9849,6 +10135,8 @@ spec:
|
|||
workingDir: /app
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
serviceAccountName: argocd-notifications-controller
|
||||
volumes:
|
||||
- configMap:
|
||||
|
@ -9904,7 +10192,7 @@ spec:
|
|||
- ""
|
||||
- --appendonly
|
||||
- "no"
|
||||
image: redis:7.0.4-alpine
|
||||
image: redis:7.0.5-alpine
|
||||
imagePullPolicy: Always
|
||||
name: redis
|
||||
ports:
|
||||
|
@ -9913,10 +10201,12 @@ spec:
|
|||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 999
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
serviceAccountName: argocd-redis
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
@ -10018,6 +10308,12 @@ spec:
|
|||
key: redis.server
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: REDIS_COMPRESSION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: redis.compression
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: REDISDB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
@ -10048,13 +10344,31 @@ spec:
|
|||
key: reposerver.plugin.tar.exclusions
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.allow.oob.symlinks
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.streamed.manifest.max.tar.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.streamed.manifest.max.extracted.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: HELM_CACHE_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_CONFIG_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:v2.4.12
|
||||
image: quay.io/argoproj/argocd:v2.5.0-rc1
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
|
@ -10077,9 +10391,11 @@ spec:
|
|||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /app/config/ssh
|
||||
name: ssh-known-hosts
|
||||
|
@ -10103,15 +10419,17 @@ spec:
|
|||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:v2.4.12
|
||||
image: quay.io/argoproj/argocd:v2.5.0-rc1
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/argocd
|
||||
name: var-files
|
||||
|
@ -10208,7 +10526,7 @@ spec:
|
|||
key: server.log.format
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_LOGLEVEL
|
||||
- name: ARGOCD_SERVER_LOG_LEVEL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: server.log.level
|
||||
|
@ -10268,6 +10586,18 @@ spec:
|
|||
key: server.repo.server.strict.tls
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: server.dex.server.plaintext
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: server.dex.server.strict.tls
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_TLS_MIN_VERSION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
@ -10322,6 +10652,12 @@ spec:
|
|||
key: redis.server
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: REDIS_COMPRESSION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: redis.compression
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: REDISDB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
@ -10346,7 +10682,13 @@ spec:
|
|||
key: otlp.address
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.4.12
|
||||
- name: ARGOCD_APPLICATION_NAMESPACES
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0-rc1
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
|
@ -10368,9 +10710,11 @@ spec:
|
|||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /app/config/ssh
|
||||
name: ssh-known-hosts
|
||||
|
@ -10378,6 +10722,8 @@ spec:
|
|||
name: tls-certs
|
||||
- mountPath: /app/config/server/tls
|
||||
name: argocd-repo-server-tls
|
||||
- mountPath: /app/config/dex/tls
|
||||
name: argocd-dex-server-tls
|
||||
- mountPath: /home/argocd
|
||||
name: plugins-home
|
||||
- mountPath: /tmp
|
||||
|
@ -10405,6 +10751,15 @@ spec:
|
|||
path: ca.crt
|
||||
optional: true
|
||||
secretName: argocd-repo-server-tls
|
||||
- name: argocd-dex-server-tls
|
||||
secret:
|
||||
items:
|
||||
- key: tls.crt
|
||||
path: tls.crt
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
optional: true
|
||||
secretName: argocd-dex-server-tls
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
|
@ -10518,6 +10873,12 @@ spec:
|
|||
key: controller.repo.server.strict.tls
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: controller.resource.health.persist
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
@ -10530,6 +10891,12 @@ spec:
|
|||
key: redis.server
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: REDIS_COMPRESSION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: redis.compression
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: REDISDB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
@ -10548,14 +10915,14 @@ spec:
|
|||
key: otlp.address
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.4.12
|
||||
- name: ARGOCD_APPLICATION_NAMESPACES
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0-rc1
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8082
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
- containerPort: 8082
|
||||
|
@ -10569,9 +10936,11 @@ spec:
|
|||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /app/config/controller/tls
|
||||
name: argocd-repo-server-tls
|
||||
|
@ -10612,6 +10981,25 @@ spec:
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: argocd-applicationset-controller-network-policy
|
||||
spec:
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector: {}
|
||||
ports:
|
||||
- port: 7000
|
||||
protocol: TCP
|
||||
- port: 8080
|
||||
protocol: TCP
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-applicationset-controller
|
||||
policyTypes:
|
||||
- Ingress
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: argocd-dex-server-network-policy
|
||||
spec:
|
||||
|
@ -10638,9 +11026,34 @@ spec:
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: argocd-notifications-controller-network-policy
|
||||
spec:
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector: {}
|
||||
ports:
|
||||
- port: 9001
|
||||
protocol: TCP
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-notifications-controller
|
||||
policyTypes:
|
||||
- Ingress
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: argocd-redis-network-policy
|
||||
spec:
|
||||
egress:
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
|
@ -10660,6 +11073,7 @@ spec:
|
|||
app.kubernetes.io/name: argocd-redis
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
|
|
Loading…
Reference in a new issue