alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 14 Actions Activity

Compare commits

base: alexlebens:manifests
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-server alexlebens:renovate/unified-admin-tools alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-secrets-store-csi-driver alexlebens:renovate/unified-houndarr alexlebens:renovate/unified-temporal alexlebens:renovate/unified-external-dns alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-opentelemetry-collector alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:renovate/unified-external-secrets alexlebens:renovate/unified-element-web
..
compare: alexlebens:28072e35c740dbb02cc398370f6e0a22f1812d91
Branches Tags
alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-server alexlebens:renovate/unified-admin-tools alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-secrets-store-csi-driver alexlebens:renovate/unified-houndarr alexlebens:renovate/unified-temporal alexlebens:renovate/unified-external-dns alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-opentelemetry-collector alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests alexlebens:renovate/unified-external-secrets alexlebens:renovate/unified-element-web

3 Commits
manifests ... 28072e35c7

Author SHA1 Message Date
gitea-bot
28072e35c7 chore: Update manifests after change 2025-12-16 22:04:39 +00:00
gitea-bot
eddd963077 chore: Update manifests after change 2025-12-16 22:02:08 +00:00
gitea-bot
bbc6057ec5 chore: Update manifests after change 2025-12-16 21:48:42 +00:00
2825 changed files with 54047 additions and 77820 deletions
Expand all files Collapse all files

11
clusters/cl01tl/manifests/actual/Deployment-actual.yaml
View File

@@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/instance: actual
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual
helm.sh/chart: actual-4.6.2
helm.sh/chart: actual-4.5.0
namespace: actual
spec:
revisionHistoryLimit: 3
@@ -35,9 +35,10 @@ spec:
dnsPolicy: ClusterFirst
containers:
- env:
- name: ACTUAL_PORT
value: "5006"
image: ghcr.io/actualbudget/actual:26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e
- name: TZ
value: US/Central
image: ghcr.io/actualbudget/actual:25.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
@@ -54,7 +55,7 @@ spec:
resources:
requests:
cpu: 10m
memory: 50Mi
memory: 128Mi
volumeMounts:
- mountPath: /data
name: data

37
clusters/cl01tl/manifests/actual/ExternalSecret-actual-data-backup-secret-external.yaml
View File

@@ -4,44 +4,55 @@ metadata:
name: actual-data-backup-secret-external
namespace: actual
labels:
helm.sh/chart: volsync-target-data-1.1.1
helm.sh/chart: volsync-target-data-0.3.0
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
app.kubernetes.io/version: "1.1.1"
app.kubernetes.io/version: "0.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual-data-backup-secret-external
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "s3:{{ .ENDPOINT }}/{{ .BUCKET }}/cl01tl/actual/actual-data"
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/actual/actual-data"
data:
- secretKey: ENDPOINT
- secretKey: BUCKET_ENDPOINT
remoteRef:
key: /digital-ocean/config
property: ENDPOINT
- secretKey: BUCKET
remoteRef:
key: /digital-ocean/home-infra/volsync-backups
property: BUCKET
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
key: /digital-ocean/home-infra/volsync-backups
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
property: AWS_REGION
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY

37
clusters/cl01tl/manifests/actual/ExternalSecret-actual-data-backup-secret-local.yaml
View File

@@ -4,44 +4,55 @@ metadata:
name: actual-data-backup-secret-local
namespace: actual
labels:
helm.sh/chart: volsync-target-data-1.1.1
helm.sh/chart: volsync-target-data-0.3.0
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
app.kubernetes.io/version: "1.1.1"
app.kubernetes.io/version: "0.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual-data-backup-secret-local
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "s3:{{ .ENDPOINT }}/{{ .BUCKET }}/cl01tl/actual/actual-data"
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/actual/actual-data"
data:
- secretKey: ENDPOINT
- secretKey: BUCKET_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
- secretKey: BUCKET
remoteRef:
key: /garage/home-infra/volsync-backups
property: BUCKET
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
key: /garage/home-infra/volsync-backups
property: RESTIC_PASSWORD_LOCAL
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

37
clusters/cl01tl/manifests/actual/ExternalSecret-actual-data-backup-secret-remote.yaml
View File

@@ -4,44 +4,55 @@ metadata:
name: actual-data-backup-secret-remote
namespace: actual
labels:
helm.sh/chart: volsync-target-data-1.1.1
helm.sh/chart: volsync-target-data-0.3.0
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
app.kubernetes.io/version: "1.1.1"
app.kubernetes.io/version: "0.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual-data-backup-secret-remote
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "s3:{{ .ENDPOINT }}/{{ .BUCKET }}/cl01tl/actual/actual-data"
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/actual/actual-data"
data:
- secretKey: ENDPOINT
- secretKey: BUCKET_ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_REMOTE
- secretKey: BUCKET
remoteRef:
key: /garage/home-infra/volsync-backups
property: BUCKET
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
key: /garage/home-infra/volsync-backups
property: RESTIC_PASSWORD_REMOTE
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

28
clusters/cl01tl/manifests/actual/HTTPRoute-actual.yaml → clusters/cl01tl/manifests/actual/HTTPRoute-http-route-actual.yaml
View File

@@ -1,13 +1,12 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: actual
labels:
app.kubernetes.io/instance: actual
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual
helm.sh/chart: actual-4.6.2
name: http-route-actual
namespace: actual
labels:
app.kubernetes.io/name: http-route-actual
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -15,16 +14,15 @@ spec:
name: traefik-gateway
namespace: traefik
hostnames:
- "actual.alexlebens.net"
- actual.alexlebens.net
rules:
- backendRefs:
- group: ""
kind: Service
name: actual
namespace: actual
port: 80
weight: 1
matches:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: actual
port: 80
weight: 100

4
clusters/cl01tl/manifests/actual/PersistentVolumeClaim-actual-data.yaml
View File

@@ -6,7 +6,9 @@ metadata:
app.kubernetes.io/instance: actual
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual
helm.sh/chart: actual-4.6.2
helm.sh/chart: actual-4.5.0
annotations:
helm.sh/resource-policy: keep
namespace: actual
spec:
accessModes:

30
clusters/cl01tl/manifests/actual/PrometheusRule-actual-data-backup-source-local.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: actual-data-backup-source-local
namespace: actual
labels:
helm.sh/chart: volsync-target-data-1.1.1
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
app.kubernetes.io/version: "1.1.1"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual-data-backup-source-local
spec:
groups:
- name: volsync.alerts
rules:
- alert: VolSyncBackupPodFailed
expr: |
(kube_pod_container_status_last_terminated_exitcode > 0)
* on(pod, namespace) group_left(owner_name)
kube_pod_owner{owner_kind="Job", owner_name=~"volsync-.*"}
for: 1m
labels:
severity: critical
annotations:
summary: "VolSync Backup Pod failed in {{ $labels.namespace }}"
description: |
A pod for the VolSync backup of PVC 'actual-data' failed with exit code {{ $value }}.
Job: {{ $labels.owner_name }}
Namespace: {{ $labels.namespace }}

16
clusters/cl01tl/manifests/actual/ReplicationSource-actual-data-backup-source-external.yaml
View File

@@ -4,25 +4,25 @@ metadata:
name: actual-data-backup-source-external
namespace: actual
labels:
helm.sh/chart: volsync-target-data-1.1.1
helm.sh/chart: volsync-target-data-0.3.0
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
app.kubernetes.io/version: "1.1.1"
app.kubernetes.io/version: "0.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual-data-backup
spec:
sourcePVC: actual-data
trigger:
schedule: 0 10 * * *
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: actual-data-backup-secret-external
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
daily: 3
hourly: 1
monthly: 2
weekly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

18
clusters/cl01tl/manifests/actual/ReplicationSource-actual-data-backup-source-local.yaml
View File

@@ -4,25 +4,25 @@ metadata:
name: actual-data-backup-source-local
namespace: actual
labels:
helm.sh/chart: volsync-target-data-1.1.1
helm.sh/chart: volsync-target-data-0.3.0
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
app.kubernetes.io/version: "1.1.1"
app.kubernetes.io/version: "0.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual-data-backup-source-local
app.kubernetes.io/name: actual-data-backup
spec:
sourcePVC: actual-data
trigger:
schedule: 0 8 * * *
schedule: 0 2 * * *
restic:
pruneIntervalDays: 7
repository: actual-data-backup-secret-local
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
daily: 3
hourly: 1
monthly: 2
weekly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

16
clusters/cl01tl/manifests/actual/ReplicationSource-actual-data-backup-source-remote.yaml
View File

@@ -4,25 +4,25 @@ metadata:
name: actual-data-backup-source-remote
namespace: actual
labels:
helm.sh/chart: volsync-target-data-1.1.1
helm.sh/chart: volsync-target-data-0.3.0
app.kubernetes.io/instance: actual
app.kubernetes.io/part-of: actual
app.kubernetes.io/version: "1.1.1"
app.kubernetes.io/version: "0.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual-data-backup
spec:
sourcePVC: actual-data
trigger:
schedule: 0 9 * * *
schedule: 0 3 * * *
restic:
pruneIntervalDays: 7
repository: actual-data-backup-secret-remote
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
daily: 3
hourly: 1
monthly: 2
weekly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

2
clusters/cl01tl/manifests/actual/Service-actual.yaml
View File

@@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: actual
app.kubernetes.io/service: actual
helm.sh/chart: actual-4.6.2
helm.sh/chart: actual-4.5.0
namespace: actual
spec:
type: ClusterIP

32
clusters/cl01tl/manifests/paperless-ngx/Cluster-paperless-ngx-postgresql-18-cluster.yaml → clusters/cl01tl/manifests/argo-workflows/Cluster-argo-workflows-postgresql-18-cluster.yaml
View File

@@ -1,18 +1,18 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: paperless-ngx-postgresql-18-cluster
namespace: paperless-ngx
name: argo-workflows-postgresql-18-cluster
namespace: argo-workflows
labels:
app.kubernetes.io/name: paperless-ngx-postgresql-18-cluster
helm.sh/chart: postgres-18-cluster-7.12.1
app.kubernetes.io/instance: paperless-ngx
app.kubernetes.io/part-of: paperless-ngx
app.kubernetes.io/version: "7.12.1"
helm.sh/chart: postgres-18-cluster-7.1.1
app.kubernetes.io/name: argo-workflows-postgresql-18
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "7.1.1"
app.kubernetes.io/managed-by: Helm
spec:
instances: 3
imageName: "ghcr.io/cloudnative-pg/postgresql:18.3-standard-trixie"
imageName: "ghcr.io/cloudnative-pg/postgresql:18.1-standard-trixie"
imagePullPolicy: IfNotPresent
postgresUID: 26
postgresGID: 26
@@ -26,8 +26,8 @@ spec:
limits:
hugepages-2Mi: 256Mi
requests:
cpu: 20m
memory: 80Mi
cpu: 100m
memory: 256Mi
affinity:
enablePodAntiAffinity: true
topologyKey: kubernetes.io/hostname
@@ -49,18 +49,18 @@ spec:
enabled: true
isWALArchiver: true
parameters:
barmanObjectName: "paperless-ngx-postgresql-18-backup-garage-local"
serverName: "paperless-ngx-postgresql-18-backup-1"
barmanObjectName: "argo-workflows-postgresql-18-garage-local-backup"
serverName: "argo-workflows-postgresql-18-backup-1"
bootstrap:
recovery:
database: app
source: paperless-ngx-postgresql-18-backup-1
source: argo-workflows-postgresql-18-backup-1
externalClusters:
- name: paperless-ngx-postgresql-18-backup-1
- name: argo-workflows-postgresql-18-backup-1
plugin:
name: barman-cloud.cloudnative-pg.io
enabled: true
isWALArchiver: false
parameters:
barmanObjectName: "paperless-ngx-postgresql-18-recovery"
serverName: paperless-ngx-postgresql-18-backup-1
barmanObjectName: "argo-workflows-postgresql-18-recovery"
serverName: argo-workflows-postgresql-18-backup-1

67
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-events-webhook.yaml Normal file
View File

@@ -0,0 +1,67 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-events-webhook
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
- apiGroups:
- argoproj.io
resources:
- eventbus
- eventsources
- sensors
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
verbs:
- get
- list

42
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-admin.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-admin
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

92
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-argo-events-controller-manager.yaml Normal file
View File

@@ -0,0 +1,92 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-argo-events-controller-manager
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- sensors
- sensors/finalizers
- sensors/status
- eventsources
- eventsources/finalizers
- eventsources/status
- eventbus
- eventbus/finalizers
- eventbus/status
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
- pods/exec
- configmaps
- services
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments
- statefulsets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

42
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-edit.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-edit
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

25
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-server-cluster-template.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-server-cluster-template
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
rules:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
verbs:
- get
- list
- watch
- create
- update
- patch
- delete

120
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-nvmeof-nodeplugin-cr.yaml → clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-server.yaml
View File

@@ -1,78 +1,92 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-nvmeof-nodeplugin-cr
name: argo-workflows-server
labels:
helm.sh/chart: ceph-csi-operator-0.6.0
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.6.0"
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
rules:
- apiGroups:
- ""
resources:
- configmaps
- events
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- list
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- sso
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
- secrets
resourceNames:
- argo-workflows-postgresql-18-cluster-app
- argo-workflows-postgresql-18-cluster-app
verbs:
- get
- apiGroups:
- argoproj.io
resources:
- eventsources
- sensors
- workflows
- workfloweventbindings
- workflowtemplates
- cronworkflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

37
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-view.yaml Normal file
View File

@@ -0,0 +1,37 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-view
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs:
- get
- list
- watch

22
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-workflow-controller-cluster-template.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-workflow-controller-cluster-template
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
rules:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
verbs:
- get
- list
- watch

155
clusters/cl01tl/manifests/argo-workflows/ClusterRole-argo-workflows-workflow-controller.yaml Normal file
View File

@@ -0,0 +1,155 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-workflow-controller
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
- namespaces
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims
- persistentvolumeclaims/finalizers
verbs:
- create
- update
- delete
- get
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtasksets/status
- workflowartifactgctasks
verbs:
- get
- list
- watch
- update
- patch
- delete
- create
- apiGroups:
- argoproj.io
resources:
- workflowtemplates
- workflowtemplates/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowtaskresults
- workflowtaskresults/finalizers
verbs:
- list
- watch
- deletecollection
- apiGroups:
- argoproj.io
resources:
- cronworkflows
- cronworkflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- apiGroups:
- "policy"
resources:
- poddisruptionbudgets
verbs:
- create
- get
- delete
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- argo-workflows-postgresql-18-cluster-app
- argo-workflows-postgresql-18-cluster-app
verbs:
- get
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- workflow-controller
- workflow-controller-lease
verbs:
- get
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
resourceNames:
- argo-workflows-agent-ca-certificates

19
clusters/cl01tl/manifests/argo-workflows/ClusterRoleBinding-argo-workflows-argo-events-controller-manager.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-workflows-argo-events-controller-manager
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-workflows-argo-events-controller-manager
subjects:
- kind: ServiceAccount
name: argo-workflows-argo-events-controller-manager
namespace: "argo-workflows"

18
clusters/cl01tl/manifests/argo-workflows/ClusterRoleBinding-argo-workflows-argo-events-events-webhook.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-workflows-argo-events-events-webhook
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-events-webhook
subjects:
- kind: ServiceAccount
name: argo-workflows-argo-events-events-webhook
namespace: "argo-workflows"

20
clusters/cl01tl/manifests/argo-workflows/ClusterRoleBinding-argo-workflows-server-cluster-template.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-workflows-server-cluster-template
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-workflows-server-cluster-template
subjects:
- kind: ServiceAccount
name: argo-workflows-server
namespace: "argo-workflows"

20
clusters/cl01tl/manifests/argo-workflows/ClusterRoleBinding-argo-workflows-server.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-workflows-server
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-workflows-server
subjects:
- kind: ServiceAccount
name: argo-workflows-server
namespace: "argo-workflows"

20
clusters/cl01tl/manifests/argo-workflows/ClusterRoleBinding-argo-workflows-workflow-controller-cluster-template.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-workflows-workflow-controller-cluster-template
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-workflows-workflow-controller-cluster-template
subjects:
- kind: ServiceAccount
name: argo-workflows-workflow-controller
namespace: "argo-workflows"

20
clusters/cl01tl/manifests/argo-workflows/ClusterRoleBinding-argo-workflows-workflow-controller.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-workflows-workflow-controller
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-workflows-workflow-controller
subjects:
- kind: ServiceAccount
name: argo-workflows-workflow-controller
namespace: "argo-workflows"

84
clusters/cl01tl/manifests/argo-workflows/ConfigMap-argo-workflows-argo-events-controller-manager.yaml Normal file
View File

@@ -0,0 +1,84 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argo-workflows-argo-events-controller-manager
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
data:
controller-config.yaml: |
eventBus:
nats:
versions:
- version: latest
natsStreamingImage: nats-streaming:latest
metricsExporterImage: natsio/prometheus-nats-exporter:latest
- version: 0.22.1
natsStreamingImage: nats-streaming:0.22.1
metricsExporterImage: natsio/prometheus-nats-exporter:0.8.0
jetstream:
# Default JetStream settings, could be overridden by EventBus JetStream specs
settings: |
# https://docs.nats.io/running-a-nats-service/configuration#jetstream
# Only configure "max_memory_store" or "max_file_store", do not set "store_dir" as it has been hardcoded.
max_memory_store: -1
max_file_store: -1
# The default properties of the streams to be created in this JetStream service
streamConfig: |
maxMsgs: 1e+06
maxAge: 72h
maxBytes: 1GB
replicas: 3
duplicates: 300s
retention: 0
discard: 0
versions:
- version: latest
natsImage: nats:2.10.10
metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
configReloaderImage: natsio/nats-server-config-reloader:0.14.0
startCommand: /nats-server
- version: 2.8.1
natsImage: nats:2.8.1
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.8.1-alpine
natsImage: nats:2.8.1-alpine
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: nats-server
- version: 2.8.2
natsImage: nats:2.8.2
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.8.2-alpine
natsImage: nats:2.8.2-alpine
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: nats-server
- version: 2.9.1
natsImage: nats:2.9.1
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.9.12
natsImage: nats:2.9.12
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.9.16
natsImage: nats:2.9.16
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.10.10
natsImage: nats:2.10.10
metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
configReloaderImage: natsio/nats-server-config-reloader:0.14.0
startCommand: /nats-server

59
clusters/cl01tl/manifests/argo-workflows/ConfigMap-argo-workflows-workflow-controller-configmap.yaml Normal file
View File

@@ -0,0 +1,59 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argo-workflows-workflow-controller-configmap
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-cm
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
data:
config: |
metricsConfig:
enabled: true
path: /metrics
port: 9090
ignoreErrors: false
secure: false
persistence:
archive: true
connectionPool:
maxIdleConns: 100
maxOpenConns: 0
nodeStatusOffLoad: true
postgresql:
database: app
host: argo-workflows-postgresql-18-cluster-rw
passwordSecret:
key: password
name: argo-workflows-postgresql-18-cluster-app
port: 5432
ssl: false
sslMode: disable
tableName: app
userNameSecret:
key: username
name: argo-workflows-postgresql-18-cluster-app
sso:
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: "https://argo-workflows.alexlebens.net/oauth2/callback"
rbac:
enabled: false
scopes:
- openid
- email
- profile
nodeEvents:
enabled: true
workflowEvents:
enabled: true

38
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-clusterworkflowtemplates.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io
annotations:
helm.sh/resource-policy: keep
spec:
group: argoproj.io
names:
kind: ClusterWorkflowTemplate
listKind: ClusterWorkflowTemplateList
plural: clusterworkflowtemplates
shortNames:
- clusterwftmpl
- cwft
singular: clusterworkflowtemplate
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true

42
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-cronworkflows.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
annotations:
helm.sh/resource-policy: keep
spec:
group: argoproj.io
names:
kind: CronWorkflow
listKind: CronWorkflowList
plural: cronworkflows
shortNames:
- cwf
- cronwf
singular: cronworkflow
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true

41
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-eventbus.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: eventbus.argoproj.io
annotations:
"helm.sh/resource-policy": keep
spec:
group: argoproj.io
names:
kind: EventBus
listKind: EventBusList
plural: eventbus
shortNames:
- eb
singular: eventbus
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}

41
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-eventsources.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: eventsources.argoproj.io
annotations:
"helm.sh/resource-policy": keep
spec:
group: argoproj.io
names:
kind: EventSource
listKind: EventSourceList
plural: eventsources
shortNames:
- es
singular: eventsource
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}

41
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-sensors.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: sensors.argoproj.io
annotations:
"helm.sh/resource-policy": keep
spec:
group: argoproj.io
names:
kind: Sensor
listKind: SensorList
plural: sensors
shortNames:
- sn
singular: sensor
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}

1139
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-workflowartifactgctasks.argoproj.io.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

702
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-workfloweventbindings.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,702 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workfloweventbindings.argoproj.io
annotations:
helm.sh/resource-policy: keep
spec:
group: argoproj.io
names:
kind: WorkflowEventBinding
listKind: WorkflowEventBindingList
plural: workfloweventbindings
shortNames:
- wfeb
singular: workfloweventbinding
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
event:
properties:
selector:
type: string
required:
- selector
type: object
submit:
properties:
arguments:
properties:
artifacts:
items:
properties:
archive:
properties:
none:
type: object
tar:
properties:
compressionLevel:
format: int32
type: integer
type: object
zip:
type: object
type: object
archiveLogs:
type: boolean
artifactGC:
properties:
podMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
serviceAccountName:
type: string
strategy:
enum:
- ""
- OnWorkflowCompletion
- OnWorkflowDeletion
- Never
type: string
type: object
artifactory:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
url:
type: string
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- url
type: object
azure:
properties:
accountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
blob:
type: string
container:
type: string
endpoint:
type: string
useSDKCreds:
type: boolean
required:
- blob
- container
- endpoint
type: object
deleted:
type: boolean
from:
type: string
fromExpression:
type: string
gcs:
properties:
bucket:
type: string
key:
type: string
serviceAccountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- key
type: object
git:
properties:
branch:
type: string
depth:
format: int64
type: integer
disableSubmodules:
type: boolean
fetch:
items:
type: string
type: array
insecureIgnoreHostKey:
type: boolean
insecureSkipTLS:
type: boolean
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
repo:
type: string
revision:
type: string
singleBranch:
type: boolean
sshPrivateKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- repo
type: object
globalName:
type: string
hdfs:
properties:
addresses:
items:
type: string
type: array
dataTransferProtection:
type: string
force:
type: boolean
hdfsUser:
type: string
krbCCacheSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbConfigConfigMap:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbKeytabSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbRealm:
type: string
krbServicePrincipalName:
type: string
krbUsername:
type: string
path:
type: string
required:
- path
type: object
http:
properties:
auth:
properties:
basicAuth:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientCert:
properties:
clientCertSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
oauth2:
properties:
clientIDSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientSecretSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
endpointParams:
items:
properties:
key:
type: string
value:
type: string
required:
- key
type: object
type: array
scopes:
items:
type: string
type: array
tokenURLSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
headers:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
url:
type: string
required:
- url
type: object
mode:
format: int32
type: integer
name:
type: string
optional:
type: boolean
oss:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
createBucketIfNotPresent:
type: boolean
endpoint:
type: string
key:
type: string
lifecycleRule:
properties:
markDeletionAfterDays:
format: int32
type: integer
markInfrequentAccessAfterDays:
format: int32
type: integer
type: object
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
path:
type: string
raw:
properties:
data:
type: string
required:
- data
type: object
recurseMode:
type: boolean
s3:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
createBucketIfNotPresent:
properties:
objectLocking:
type: boolean
type: object
encryptionOptions:
properties:
enableEncryption:
type: boolean
kmsEncryptionContext:
type: string
kmsKeyId:
type: string
serverSideCustomerKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
endpoint:
type: string
insecure:
type: boolean
key:
type: string
region:
type: string
roleARN:
type: string
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
useSDKCreds:
type: boolean
type: object
subPath:
type: string
required:
- name
type: object
type: array
parameters:
items:
properties:
default:
type: string
description:
type: string
enum:
items:
type: string
type: array
globalName:
type: string
name:
type: string
value:
type: string
valueFrom:
properties:
configMapKeyRef:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
default:
type: string
event:
type: string
expression:
type: string
jqFilter:
type: string
jsonPath:
type: string
parameter:
type: string
path:
type: string
supplied:
type: object
type: object
required:
- name
type: object
type: array
type: object
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
generateName:
type: string
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
workflowTemplateRef:
properties:
clusterScope:
type: boolean
name:
type: string
type: object
required:
- workflowTemplateRef
type: object
required:
- event
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

56
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-workflows.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,56 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
annotations:
helm.sh/resource-policy: keep
spec:
group: argoproj.io
names:
kind: Workflow
listKind: WorkflowList
plural: workflows
shortNames:
- wf
singular: workflow
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Status of the workflow
jsonPath: .status.phase
name: Status
type: string
- description: When the workflow was started
format: date-time
jsonPath: .status.startedAt
name: Age
type: date
- description: Human readable message indicating details about why the workflow is in this condition.
jsonPath: .status.message
name: Message
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources: {}

664
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-workflowtaskresults.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,664 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtaskresults.argoproj.io
annotations:
helm.sh/resource-policy: keep
spec:
group: argoproj.io
names:
kind: WorkflowTaskResult
listKind: WorkflowTaskResultList
plural: workflowtaskresults
singular: workflowtaskresult
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
message:
type: string
metadata:
type: object
outputs:
properties:
artifacts:
items:
properties:
archive:
properties:
none:
type: object
tar:
properties:
compressionLevel:
format: int32
type: integer
type: object
zip:
type: object
type: object
archiveLogs:
type: boolean
artifactGC:
properties:
podMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
serviceAccountName:
type: string
strategy:
enum:
- ""
- OnWorkflowCompletion
- OnWorkflowDeletion
- Never
type: string
type: object
artifactory:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
url:
type: string
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- url
type: object
azure:
properties:
accountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
blob:
type: string
container:
type: string
endpoint:
type: string
useSDKCreds:
type: boolean
required:
- blob
- container
- endpoint
type: object
deleted:
type: boolean
from:
type: string
fromExpression:
type: string
gcs:
properties:
bucket:
type: string
key:
type: string
serviceAccountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- key
type: object
git:
properties:
branch:
type: string
depth:
format: int64
type: integer
disableSubmodules:
type: boolean
fetch:
items:
type: string
type: array
insecureIgnoreHostKey:
type: boolean
insecureSkipTLS:
type: boolean
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
repo:
type: string
revision:
type: string
singleBranch:
type: boolean
sshPrivateKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- repo
type: object
globalName:
type: string
hdfs:
properties:
addresses:
items:
type: string
type: array
dataTransferProtection:
type: string
force:
type: boolean
hdfsUser:
type: string
krbCCacheSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbConfigConfigMap:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbKeytabSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbRealm:
type: string
krbServicePrincipalName:
type: string
krbUsername:
type: string
path:
type: string
required:
- path
type: object
http:
properties:
auth:
properties:
basicAuth:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientCert:
properties:
clientCertSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
oauth2:
properties:
clientIDSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientSecretSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
endpointParams:
items:
properties:
key:
type: string
value:
type: string
required:
- key
type: object
type: array
scopes:
items:
type: string
type: array
tokenURLSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
headers:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
url:
type: string
required:
- url
type: object
mode:
format: int32
type: integer
name:
type: string
optional:
type: boolean
oss:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
createBucketIfNotPresent:
type: boolean
endpoint:
type: string
key:
type: string
lifecycleRule:
properties:
markDeletionAfterDays:
format: int32
type: integer
markInfrequentAccessAfterDays:
format: int32
type: integer
type: object
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
path:
type: string
raw:
properties:
data:
type: string
required:
- data
type: object
recurseMode:
type: boolean
s3:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
createBucketIfNotPresent:
properties:
objectLocking:
type: boolean
type: object
encryptionOptions:
properties:
enableEncryption:
type: boolean
kmsEncryptionContext:
type: string
kmsKeyId:
type: string
serverSideCustomerKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
endpoint:
type: string
insecure:
type: boolean
key:
type: string
region:
type: string
roleARN:
type: string
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
useSDKCreds:
type: boolean
type: object
subPath:
type: string
required:
- name
type: object
type: array
exitCode:
type: string
parameters:
items:
properties:
default:
type: string
description:
type: string
enum:
items:
type: string
type: array
globalName:
type: string
name:
type: string
value:
type: string
valueFrom:
properties:
configMapKeyRef:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
default:
type: string
event:
type: string
expression:
type: string
jqFilter:
type: string
jsonPath:
type: string
parameter:
type: string
path:
type: string
supplied:
type: object
type: object
required:
- name
type: object
type: array
result:
type: string
type: object
phase:
type: string
progress:
type: string
required:
- metadata
type: object
served: true
storage: true

43
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-workflowtasksets.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,43 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtasksets.argoproj.io
annotations:
helm.sh/resource-policy: keep
spec:
group: argoproj.io
names:
kind: WorkflowTaskSet
listKind: WorkflowTaskSetList
plural: workflowtasksets
shortNames:
- wfts
singular: workflowtaskset
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}

37
clusters/cl01tl/manifests/argo-workflows/CustomResourceDefinition-workflowtemplates.argoproj.io.yaml Normal file
View File

@@ -0,0 +1,37 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io
annotations:
helm.sh/resource-policy: keep
spec:
group: argoproj.io
names:
kind: WorkflowTemplate
listKind: WorkflowTemplateList
plural: workflowtemplates
shortNames:
- wftmpl
singular: workflowtemplate
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true

83
clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-argo-events-controller-manager.yaml Normal file
View File

@@ -0,0 +1,83 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argo-workflows-argo-events-controller-manager
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
app.kubernetes.io/version: "v1.9.9"
spec:
selector:
matchLabels:
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
revisionHistoryLimit: 5
replicas: 1
template:
metadata:
annotations:
checksum/config: e6d3a18f3bc0117f3c101137a547917079415ad55f98bbb64dd3e5d17d871afc
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
app.kubernetes.io/version: "v1.9.9"
spec:
containers:
- name: controller-manager
image: quay.io/argoproj/argo-events:v1.9.9
imagePullPolicy: IfNotPresent
args:
- controller
env:
- name: ARGO_EVENTS_IMAGE
value: quay.io/argoproj/argo-events:v1.9.9
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: config
mountPath: /etc/argo-events
ports:
- name: metrics
containerPort: 7777
protocol: TCP
- name: probe
containerPort: 8081
protocol: TCP
livenessProbe:
httpGet:
port: probe
path: /healthz
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
port: probe
path: /readyz
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccountName: argo-workflows-argo-events-controller-manager
volumes:
- name: config
configMap:
name: argo-workflows-argo-events-controller-manager

88
clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-server.yaml Normal file
View File

@@ -0,0 +1,88 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argo-workflows-server
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "v3.7.6"
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
template:
metadata:
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "v3.7.6"
annotations:
checksum/cm: f1f372e86f83edd2d2b70ff6bc448cf6bd9b0aa21f955705de61b956301e118c
spec:
serviceAccountName: argo-workflows-server
containers:
- name: argo-server
image: "quay.io/argoproj/argocli:v3.7.6"
imagePullPolicy: Always
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
args:
- server
- --configmap=argo-workflows-workflow-controller-configmap
- "--auth-mode=sso"
- "--secure=false"
- "--loglevel"
- "info"
- "--gloglevel"
- "0"
- "--log-format"
- "text"
ports:
- name: web
containerPort: 2746
readinessProbe:
httpGet:
path: /
port: 2746
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 20
env:
- name: IN_CLUSTER
value: "true"
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ARGO_BASE_HREF
value: "/"
resources: {}
volumeMounts:
- name: tmp
mountPath: /tmp
terminationGracePeriodSeconds: 30
volumes:
- name: tmp
emptyDir: {}
nodeSelector:
kubernetes.io/os: linux

96
clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-workflow-controller.yaml Normal file
View File

@@ -0,0 +1,96 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argo-workflows-workflow-controller
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "v3.7.6"
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
template:
metadata:
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "v3.7.6"
spec:
serviceAccountName: argo-workflows-workflow-controller
containers:
- name: controller
image: "quay.io/argoproj/workflow-controller:v3.7.6"
imagePullPolicy: Always
command: ["workflow-controller"]
args:
- "--configmap"
- "argo-workflows-workflow-controller-configmap"
- "--executor-image"
- "quay.io/argoproj/argoexec:v3.7.6"
- "--loglevel"
- "info"
- "--gloglevel"
- "0"
- "--log-format"
- "text"
- "--workflow-workers"
- "2"
- "--workflow-ttl-workers"
- "1"
- "--pod-cleanup-workers"
- "1"
- "--cron-workflow-workers"
- "1"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
env:
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: LEADER_ELECTION_IDENTITY
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: LEADER_ELECTION_DISABLE
value: "true"
resources:
requests:
cpu: 10m
memory: 128Mi
ports:
- name: metrics
containerPort: 9090
- containerPort: 6060
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 6060
initialDelaySeconds: 90
periodSeconds: 60
timeoutSeconds: 30
nodeSelector:
kubernetes.io/os: linux

69
clusters/cl01tl/manifests/argo-workflows/Deployment-events-webhook.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: events-webhook
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: events-webhook
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
app.kubernetes.io/version: "v1.9.9"
spec:
selector:
matchLabels:
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows
revisionHistoryLimit: 5
replicas: 1
template:
metadata:
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: events-webhook
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
app.kubernetes.io/version: "v1.9.9"
spec:
containers:
- name: events-webhook
image: quay.io/argoproj/argo-events:v1.9.9
imagePullPolicy: IfNotPresent
args:
- webhook-service
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT
value: "443"
ports:
- name: webhook
containerPort: 443
protocol: TCP
livenessProbe:
tcpSocket:
port: webhook
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
tcpSocket:
port: webhook
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccountName: argo-workflows-argo-events-events-webhook

28
clusters/cl01tl/manifests/argo-workflows/ExternalSecret-argo-workflows-oidc-secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-oidc-secret
namespace: argo-workflows
labels:
app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: client

35
clusters/cl01tl/manifests/argo-workflows/ExternalSecret-argo-workflows-postgresql-18-cluster-backup-secret-garage.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
namespace: argo-workflows
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

28
clusters/cl01tl/manifests/argo-workflows/ExternalSecret-argo-workflows-postgresql-18-cluster-backup-secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret
namespace: argo-workflows
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

28
clusters/cl01tl/manifests/argo-workflows/HTTPRoute-http-route-argo-workflows.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-argo-workflows
namespace: argo-workflows
labels:
app.kubernetes.io/name: http-route-argo-workflows
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: argo-workflows-server
port: 2746
weight: 100

27
clusters/cl01tl/manifests/argo-workflows/ObjectStore-argo-workflows-postgresql-18-garage-local-backup.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: barmancloud.cnpg.io/v1
kind: ObjectStore
metadata:
name: "argo-workflows-postgresql-18-garage-local-backup"
namespace: argo-workflows
labels:
helm.sh/chart: postgres-18-cluster-7.1.1
app.kubernetes.io/name: argo-workflows-postgresql-18
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "7.1.1"
app.kubernetes.io/managed-by: Helm
spec:
retentionPolicy: 3d
configuration:
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
endpointURL: http://garage-main.garage:3900
s3Credentials:
accessKeyId:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
key: ACCESS_KEY_ID
secretAccessKey:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
key: ACCESS_SECRET_KEY
region:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
key: ACCESS_REGION

29
clusters/cl01tl/manifests/argo-workflows/ObjectStore-argo-workflows-postgresql-18-recovery.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: barmancloud.cnpg.io/v1
kind: ObjectStore
metadata:
name: "argo-workflows-postgresql-18-recovery"
namespace: argo-workflows
labels:
helm.sh/chart: postgres-18-cluster-7.1.1
app.kubernetes.io/name: argo-workflows-postgresql-18
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "7.1.1"
app.kubernetes.io/managed-by: Helm
spec:
configuration:
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
endpointURL: http://garage-main.garage:3900
wal:
compression: snappy
maxParallel: 1
data:
compression: snappy
jobs: 1
s3Credentials:
accessKeyId:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
key: ACCESS_KEY_ID
secretAccessKey:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
key: ACCESS_SECRET_KEY

144
clusters/cl01tl/manifests/dawarich/PrometheusRule-dawarich-postgresql-18-alert-rules.yaml → clusters/cl01tl/manifests/argo-workflows/PrometheusRule-argo-workflows-postgresql-18-alert-rules.yaml
View File

@@ -1,18 +1,18 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: dawarich-postgresql-18-alert-rules
namespace: dawarich
name: argo-workflows-postgresql-18-alert-rules
namespace: argo-workflows
labels:
app.kubernetes.io/name: dawarich-postgresql-18-alert-rules
helm.sh/chart: postgres-18-cluster-7.12.1
app.kubernetes.io/instance: dawarich
app.kubernetes.io/part-of: dawarich
app.kubernetes.io/version: "7.12.1"
helm.sh/chart: postgres-18-cluster-7.1.1
app.kubernetes.io/name: argo-workflows-postgresql-18
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "7.1.1"
app.kubernetes.io/managed-by: Helm
spec:
groups:
- name: cloudnative-pg/dawarich-postgresql-18
- name: cloudnative-pg/argo-workflows-postgresql-18
rules:
- alert: CNPGClusterBackendsWaitingWarning
annotations:
@@ -21,12 +21,12 @@ spec:
Pod {{ $labels.pod }}
has been waiting for longer than 5 minutes
expr: |
cnpg_backends_waiting_total{namespace="dawarich"} > 300
cnpg_backends_waiting_total > 300
for: 1m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterDatabaseDeadlockConflictsWarning
annotations:
summary: CNPG Cluster has over 10 deadlock conflicts.
@@ -34,12 +34,12 @@ spec:
There are over 10 deadlock conflicts in
{{ $labels.pod }}
expr: |
cnpg_pg_stat_database_deadlocks{namespace="dawarich"} > 10
cnpg_pg_stat_database_deadlocks > 10
for: 1m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterHACritical
annotations:
summary: CNPG Cluster has no standby replicas!
@@ -57,12 +57,12 @@ spec:
case you may want to silence it.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
expr: |
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="dawarich"} - cnpg_pg_replication_is_wal_receiver_up{namespace="dawarich"}) < 1
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="argo-workflows"} - cnpg_pg_replication_is_wal_receiver_up{namespace="argo-workflows"}) < 1
for: 5m
labels:
severity: critical
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterHAWarning
annotations:
summary: CNPG Cluster less than 2 standby replicas.
@@ -78,72 +78,72 @@ spec:
In this case you may want to silence it.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
expr: |
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="dawarich"} - cnpg_pg_replication_is_wal_receiver_up{namespace="dawarich"}) < 2
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="argo-workflows"} - cnpg_pg_replication_is_wal_receiver_up{namespace="argo-workflows"}) < 2
for: 5m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterHighConnectionsCritical
annotations:
summary: CNPG Instance maximum number of connections critical!
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of
the maximum number of connections.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
expr: |
sum by (pod) (cnpg_backends_total{namespace="dawarich", pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="dawarich", pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 95
sum by (pod) (cnpg_backends_total{namespace="argo-workflows", pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="argo-workflows", pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 95
for: 5m
labels:
severity: critical
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterHighConnectionsWarning
annotations:
summary: CNPG Instance is approaching the maximum number of connections.
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of
the maximum number of connections.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
expr: |
sum by (pod) (cnpg_backends_total{namespace="dawarich", pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="dawarich", pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 80
sum by (pod) (cnpg_backends_total{namespace="argo-workflows", pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="argo-workflows", pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 80
for: 5m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterHighReplicationLag
annotations:
summary: CNPG Cluster high replication lag
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" is experiencing a high replication lag of
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" is experiencing a high replication lag of
{{`{{`}} $value {{`}}`}}ms.
High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
expr: |
max(cnpg_pg_replication_lag{namespace="dawarich",pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}) * 1000 > 1000
max(cnpg_pg_replication_lag{namespace="argo-workflows",pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}) * 1000 > 1000
for: 5m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterInstancesOnSameNode
annotations:
summary: CNPG Cluster instances are located on the same node.
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" has {{`{{`}} $value {{`}}`}}
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" has {{`{{`}} $value {{`}}`}}
instances on the same node {{`{{`}} $labels.node {{`}}`}}.
A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
expr: |
count by (node) (kube_pod_info{namespace="dawarich", pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}) > 1
count by (node) (kube_pod_info{namespace="argo-workflows", pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}) > 1
for: 5m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterLongRunningTransactionWarning
annotations:
summary: CNPG Cluster query is taking longer than 5 minutes.
@@ -151,70 +151,70 @@ spec:
CloudNativePG Cluster Pod {{ $labels.pod }}
is taking more than 5 minutes (300 seconds) for a query.
expr: |-
cnpg_backends_max_tx_duration_seconds{namespace="dawarich"} > 300
cnpg_backends_max_tx_duration_seconds > 300
for: 1m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterLowDiskSpaceCritical
annotations:
summary: CNPG Instance is running out of disk space!
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" is running extremely low on disk space. Check attached PVCs!
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" is running extremely low on disk space. Check attached PVCs!
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
expr: |
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.9 OR
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.9 OR
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.9 OR
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.9 OR
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
/
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
*
on(namespace, persistentvolumeclaim) group_left(volume)
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}
) > 0.9
for: 5m
labels:
severity: critical
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterLowDiskSpaceWarning
annotations:
summary: CNPG Instance is running out of disk space.
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" is running low on disk space. Check attached PVCs.
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" is running low on disk space. Check attached PVCs.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
expr: |
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.7 OR
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.7 OR
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.7 OR
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.7 OR
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
/
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="dawarich", persistentvolumeclaim=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="argo-workflows", persistentvolumeclaim=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
*
on(namespace, persistentvolumeclaim) group_left(volume)
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}
) > 0.7
for: 5m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterOffline
annotations:
summary: CNPG Cluster has no running instances!
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" has no ready instances.
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" has no ready instances.
Having an offline cluster means your applications will not be able to access the database, leading to
potential service disruption and/or data loss.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
expr: |
(count(cnpg_collector_up{namespace="dawarich",pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"}) OR on() vector(0)) == 0
(count(cnpg_collector_up{namespace="argo-workflows",pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"}) OR on() vector(0)) == 0
for: 5m
labels:
severity: critical
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterPGDatabaseXidAgeWarning
annotations:
summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
@@ -222,24 +222,24 @@ spec:
Over 300,000,000 transactions from frozen xid
on pod {{ $labels.pod }}
expr: |
cnpg_pg_database_xid_age{namespace="dawarich"} > 300000000
cnpg_pg_database_xid_age > 300000000
for: 1m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterPGReplicationWarning
annotations:
summary: CNPG Cluster standby is lagging behind the primary.
description: |-
Standby is lagging behind by over 300 seconds (5 minutes)
expr: |
cnpg_pg_replication_lag{namespace="dawarich"} > 300
cnpg_pg_replication_lag > 300
for: 1m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterReplicaFailingReplicationWarning
annotations:
summary: CNPG Cluster has a replica is failing to replicate.
@@ -247,24 +247,24 @@ spec:
Replica {{ $labels.pod }}
is failing to replicate
expr: |
cnpg_pg_replication_in_recovery{namespace="dawarich"} > cnpg_pg_replication_is_wal_receiver_up{namespace="dawarich"}
cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
for: 1m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster
- alert: CNPGClusterZoneSpreadWarning
annotations:
summary: CNPG Cluster instances in the same zone.
description: |-
CloudNativePG Cluster "dawarich/dawarich-postgresql-18-cluster" has instances in the same availability zone.
CloudNativePG Cluster "argo-workflows/argo-workflows-postgresql-18-cluster" has instances in the same availability zone.
A disaster in one availability zone will lead to a potential service disruption and/or data loss.
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
expr: |
3 > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="dawarich", pod=~"dawarich-postgresql-18-cluster-([1-9][0-9]*)$"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
3 > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="argo-workflows", pod=~"argo-workflows-postgresql-18-cluster-([1-9][0-9]*)$"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
for: 5m
labels:
severity: warning
namespace: dawarich
cnpg_cluster: dawarich-postgresql-18-cluster
namespace: argo-workflows
cnpg_cluster: argo-workflows-postgresql-18-cluster

21
clusters/cl01tl/manifests/argo-workflows/Role-argo-workflows-workflow.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-workflows-workflow
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
namespace: argo-workflows
rules:
- apiGroups:
- argoproj.io
resources:
- workflowtaskresults
verbs:
- create
- patch

21
clusters/cl01tl/manifests/argo-workflows/RoleBinding-argo-workflows-workflow.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-workflows-workflow
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
namespace: argo-workflows
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-workflows-workflow
subjects:
- kind: ServiceAccount
name: argo-workflow
namespace: argo-workflows

24
clusters/cl01tl/manifests/argo-workflows/ScheduledBackup-argo-workflows-postgresql-18-live-backup-scheduled-backup.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: "argo-workflows-postgresql-18-live-backup-scheduled-backup"
namespace: argo-workflows
labels:
helm.sh/chart: postgres-18-cluster-7.1.1
app.kubernetes.io/name: argo-workflows-postgresql-18
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "7.1.1"
app.kubernetes.io/managed-by: Helm
spec:
immediate: true
suspend: false
schedule: "0 0 0 * * *"
backupOwnerReference: self
cluster:
name: argo-workflows-postgresql-18-cluster
method: plugin
pluginConfiguration:
name: barman-cloud.cloudnative-pg.io
parameters:
barmanObjectName: "argo-workflows-postgresql-18-garage-local-backup"

21
clusters/cl01tl/manifests/argo-workflows/Service-argo-workflows-argo-events-controller-manager-metrics.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: argo-workflows-argo-events-controller-manager-metrics
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager-metrics
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
spec:
ports:
- name: metrics
protocol: TCP
port: 8082
targetPort: metrics
selector:
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows

23
clusters/cl01tl/manifests/argo-workflows/Service-argo-workflows-server.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
name: argo-workflows-server
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "v3.7.6"
spec:
ports:
- port: 2746
targetPort: 2746
selector:
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
sessionAffinity: None
type: ClusterIP

25
clusters/cl01tl/manifests/argo-workflows/Service-argo-workflows-workflow-controller.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
name: argo-workflows-workflow-controller
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows
app.kubernetes.io/version: "v3.7.6"
spec:
ports:
- name: metrics
port: 8080
protocol: TCP
targetPort: 9090
selector:
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
sessionAffinity: None
type: ClusterIP

18
clusters/cl01tl/manifests/argo-workflows/Service-events-webhook.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: events-webhook
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
spec:
ports:
- port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows

13
clusters/cl01tl/manifests/argo-workflows/ServiceAccount-argo-workflows-argo-events-controller-manager.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
name: argo-workflows-argo-events-controller-manager
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events

13
clusters/cl01tl/manifests/argo-workflows/ServiceAccount-argo-workflows-argo-events-events-webhook.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
name: argo-workflows-argo-events-events-webhook
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-events-webhook
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: events-webhook
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events

13
clusters/cl01tl/manifests/argo-workflows/ServiceAccount-argo-workflows-server.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo-workflows-server
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-server
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: server
app: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows

13
clusters/cl01tl/manifests/argo-workflows/ServiceAccount-argo-workflows-workflow-controller.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo-workflows-workflow-controller
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-workflows-0.46.2
app.kubernetes.io/name: argo-workflows-workflow-controller
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: workflow-controller
app: workflow-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-workflows

25
clusters/cl01tl/manifests/argo-workflows/ServiceMonitor-argo-workflows-argo-events-controller-manager.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: argo-workflows-argo-events-controller-manager
namespace: "argo-workflows"
labels:
helm.sh/chart: argo-events-2.4.19
app.kubernetes.io/name: argo-events-controller-manager
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argo-events
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- "argo-workflows"
selector:
matchLabels:
app.kubernetes.io/name: argo-events-controller-manager-metrics
app.kubernetes.io/instance: argo-workflows
app.kubernetes.io/component: controller-manager

4
clusters/cl01tl/manifests/argocd/ClusterRole-argocd-application-controller.yaml
View File

@@ -3,13 +3,13 @@ kind: ClusterRole
metadata:
name: argocd-application-controller
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: application-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- '*'

6
clusters/cl01tl/manifests/argocd/ClusterRole-argocd-notifications-controller.yaml
View File

@@ -3,13 +3,13 @@ kind: ClusterRole
metadata:
name: argocd-notifications-controller
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- argoproj.io
@@ -41,7 +41,7 @@ rules:
- apiGroups:
- ""
resourceNames:
- argocd-notifications-ntfy
- argocd-notifications-secret
resources:
- secrets
verbs:

4
clusters/cl01tl/manifests/argocd/ClusterRole-argocd-server.yaml
View File

@@ -3,13 +3,13 @@ kind: ClusterRole
metadata:
name: argocd-server
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- '*'

4
clusters/cl01tl/manifests/argocd/ClusterRoleBinding-argocd-application-controller.yaml
View File

@@ -3,13 +3,13 @@ kind: ClusterRoleBinding
metadata:
name: argocd-application-controller
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: application-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

4
clusters/cl01tl/manifests/argocd/ClusterRoleBinding-argocd-notifications-controller.yaml
View File

@@ -3,13 +3,13 @@ kind: ClusterRoleBinding
metadata:
name: argocd-notifications-controller
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

4
clusters/cl01tl/manifests/argocd/ClusterRoleBinding-argocd-server.yaml
View File

@@ -3,13 +3,13 @@ kind: ClusterRoleBinding
metadata:
name: argocd-server
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

11
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-cm.yaml
View File

@@ -4,15 +4,14 @@ metadata:
name: argocd-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
data:
accounts.homepage: apiKey
admin.enabled: "true"
application.instanceLabelKey: argocd.argoproj.io/instance
application.sync.impersonation.enabled: "false"
@@ -20,8 +19,8 @@ data:
connectors:
- config:
issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-authentik:client
clientSecret: $argocd-oidc-authentik:secret
clientID: $argocd-oidc-secret:client
clientSecret: $argocd-oidc-secret:secret
insecureEnableGroups: true
scopes:
- openid
@@ -127,6 +126,6 @@ data:
statusbadge.enabled: "true"
statusbadge.url: https://argocd.alexlebens.net/
timeout.hard.reconciliation: 0s
timeout.reconciliation: 120s
timeout.reconciliation: 100s
timeout.reconciliation.jitter: 60s
url: https://argocd.alexlebens.net

4
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-cmd-params-cm.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-cmd-params-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
data:
applicationsetcontroller.enable.leader.election: "true"
applicationsetcontroller.log.format: text

33
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-cmp-cm.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmp-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-cmp-cm
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: repo-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.2.1"
data:
cdk8s.yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: cdk8s
spec:
discover:
fileName: '*.go'
generate:
args:
- --stdout
command:
- cdk8s
- synth
init:
args:
- import
command:
- cdk8s

4
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-gpg-keys-cm.yaml
View File

@@ -4,9 +4,9 @@ metadata:
name: argocd-gpg-keys-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-gpg-keys-cm
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"

5
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-notifications-cm.yaml
View File

@@ -4,15 +4,16 @@ metadata:
name: argocd-notifications-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
data:
context: |
argocdUrl: https://argocd.example.com
argocdUrl: https://argocd.alexlebens.net
service.webhook.ntfy: |
url: http://ntfy.ntfy/

5
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-rbac-cm.yaml
View File

@@ -4,17 +4,16 @@ metadata:
name: argocd-rbac-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-rbac-cm
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
data:
policy.csv: |
g, ArgoCD Admins, role:admin
g, homepage, role:readonly
policy.default: ""
policy.matchMode: glob
scopes: '[groups]'

4
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-ssh-known-hosts-cm.yaml
View File

@@ -4,12 +4,12 @@ metadata:
name: argocd-ssh-known-hosts-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-ssh-known-hosts-cm
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
data:
ssh_known_hosts: |
[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=

4
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-tls-certs-cm.yaml
View File

@@ -4,9 +4,9 @@ metadata:
name: argocd-tls-certs-cm
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-tls-certs-cm
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"

883
clusters/cl01tl/manifests/argocd/CustomResourceDefinition-applications.argoproj.io.yaml
View File

@@ -3,7 +3,6 @@ kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
argocd.argoproj.io/sync-options: ServerSideApply=true
labels:
app.kubernetes.io/name: applications.argoproj.io
app.kubernetes.io/part-of: argocd
@@ -1240,303 +1239,9 @@ spec:
drySource:
description: DrySource specifies where the dry "don't repeat yourself" manifest source lives.
properties:
directory:
description: Directory specifies path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation
type: string
include:
description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External Variables
items:
description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level Arguments
items:
description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory recursively for manifests
type: boolean
type: object
helm:
description: Helm specifies helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the helm template
items:
description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation
items:
description: HelmParameter is a parameter that's passed to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all domains (Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name to use. If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.
type: string
valuesObject:
description: ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.
type: object
x-kubernetes-preserve-unknown-fields: true
version:
description: Version is the Helm version to use for templating ("3")
type: string
type: object
kustomize:
description: Kustomize specifies kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional labels to add to rendered manifests
type: object
components:
description: Components specifies a list of kustomize components to add to the kustomization before building
items:
type: string
type: array
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override specifications
items:
description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether to apply common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not
type: boolean
namePrefix:
description: NamePrefix is a prefix appended to resources for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository where the manifests are located
type: string
plugin:
description: Plugin specifies config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
items:
description: EnvEntry represents an entry in the application's environment
properties:
name:
description: Name is the name of the variable, usually expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
parameters:
items:
properties:
array:
description: Array is the value of an array type parameter.
items:
type: string
type: array
map:
additionalProperties:
type: string
description: Map is the value of a map type parameter.
type: object
name:
description: Name is the name identifying a parameter.
type: string
string:
description: String_ is the value of a string type parameter.
type: string
type: object
type: array
type: object
repoURL:
description: RepoURL is the URL to the git repository that contains the application manifests
type: string
@@ -4329,303 +4034,9 @@ spec:
drySource:
description: DrySource specifies where the dry "don't repeat yourself" manifest source lives.
properties:
directory:
description: Directory specifies path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation
type: string
include:
description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External Variables
items:
description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level Arguments
items:
description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory recursively for manifests
type: boolean
type: object
helm:
description: Helm specifies helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the helm template
items:
description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation
items:
description: HelmParameter is a parameter that's passed to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all domains (Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name to use. If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.
type: string
valuesObject:
description: ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.
type: object
x-kubernetes-preserve-unknown-fields: true
version:
description: Version is the Helm version to use for templating ("3")
type: string
type: object
kustomize:
description: Kustomize specifies kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional labels to add to rendered manifests
type: object
components:
description: Components specifies a list of kustomize components to add to the kustomization before building
items:
type: string
type: array
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override specifications
items:
description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether to apply common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not
type: boolean
namePrefix:
description: NamePrefix is a prefix appended to resources for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository where the manifests are located
type: string
plugin:
description: Plugin specifies config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
items:
description: EnvEntry represents an entry in the application's environment
properties:
name:
description: Name is the name of the variable, usually expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
parameters:
items:
properties:
array:
description: Array is the value of an array type parameter.
items:
type: string
type: array
map:
additionalProperties:
type: string
description: Map is the value of a map type parameter.
type: object
name:
description: Name is the name identifying a parameter.
type: string
string:
description: String_ is the value of a string type parameter.
type: string
type: object
type: array
type: object
repoURL:
description: RepoURL is the URL to the git repository that contains the application manifests
type: string
@@ -4695,303 +4106,9 @@ spec:
drySource:
description: DrySource specifies where the dry "don't repeat yourself" manifest source lives.
properties:
directory:
description: Directory specifies path/directory specific options
properties:
exclude:
description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation
type: string
include:
description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation
type: string
jsonnet:
description: Jsonnet holds options specific to Jsonnet
properties:
extVars:
description: ExtVars is a list of Jsonnet External Variables
items:
description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
libs:
description: Additional library search dirs
items:
type: string
type: array
tlas:
description: TLAS is a list of Jsonnet Top-level Arguments
items:
description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation
properties:
code:
type: boolean
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
type: object
recurse:
description: Recurse specifies whether to scan a directory recursively for manifests
type: boolean
type: object
helm:
description: Helm specifies helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the helm template
items:
description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation
properties:
name:
description: Name is the name of the Helm parameter
type: string
path:
description: Path is the path to the file containing the values for the Helm parameter
type: string
type: object
type: array
ignoreMissingValueFiles:
description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation
items:
description: HelmParameter is a parameter that's passed to helm template during manifest generation
properties:
forceString:
description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings
type: boolean
name:
description: Name is the name of the Helm parameter
type: string
value:
description: Value is the value for the Helm parameter
type: string
type: object
type: array
passCredentials:
description: PassCredentials pass credentials to all domains (Helm's --pass-credentials)
type: boolean
releaseName:
description: ReleaseName is the Helm release name to use. If omitted it will use the application name
type: string
skipCrds:
description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files to use when generating a template
items:
type: string
type: array
values:
description: Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.
type: string
valuesObject:
description: ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.
type: object
x-kubernetes-preserve-unknown-fields: true
version:
description: Version is the Helm version to use for templating ("3")
type: string
type: object
kustomize:
description: Kustomize specifies kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations is a list of additional annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
description: CommonLabels is a list of additional labels to add to rendered manifests
type: object
components:
description: Components specifies a list of kustomize components to add to the kustomization before building
items:
type: string
type: array
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override specifications
items:
description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether to apply common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not
type: boolean
namePrefix:
description: NamePrefix is a prefix appended to resources for Kustomize apps
type: string
nameSuffix:
description: NameSuffix is a suffix appended to resources for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize to use for rendering manifests
type: string
type: object
path:
description: Path is a directory path within the Git repository where the manifests are located
type: string
plugin:
description: Plugin specifies config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
items:
description: EnvEntry represents an entry in the application's environment
properties:
name:
description: Name is the name of the variable, usually expressed in uppercase
type: string
value:
description: Value is the value of the variable
type: string
required:
- name
- value
type: object
type: array
name:
type: string
parameters:
items:
properties:
array:
description: Array is the value of an array type parameter.
items:
type: string
type: array
map:
additionalProperties:
type: string
description: Map is the value of a map type parameter.
type: object
name:
description: Name is the name identifying a parameter.
type: string
string:
description: String_ is the value of a string type parameter.
type: string
type: object
type: array
type: object
repoURL:
description: RepoURL is the URL to the git repository that contains the application manifests
type: string

5329
clusters/cl01tl/manifests/argocd/CustomResourceDefinition-applicationsets.argoproj.io.yaml
View File

File diff suppressed because it is too large Load Diff

19
clusters/cl01tl/manifests/argocd/CustomResourceDefinition-appprojects.argoproj.io.yaml
View File

@@ -3,7 +3,6 @@ kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
argocd.argoproj.io/sync-options: ServerSideApply=true
labels:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
@@ -54,17 +53,14 @@ spec:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
items:
description: ClusterResourceRestrictionItem is a cluster resource that is restricted by the project's whitelist or blacklist
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
name:
description: |-
Name is the name of the restricted resource. Glob patterns using Go's filepath.Match syntax are supported.
Unlike the group and kind fields, if no name is specified, all resources of the specified group/kind are matched.
type: string
required:
- group
- kind
@@ -73,17 +69,14 @@ spec:
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
items:
description: ClusterResourceRestrictionItem is a cluster resource that is restricted by the project's whitelist or blacklist
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
name:
description: |-
Name is the name of the restricted resource. Glob patterns using Go's filepath.Match syntax are supported.
Unlike the group and kind fields, if no name is specified, all resources of the specified group/kind are matched.
type: string
required:
- group
- kind

29
clusters/cl01tl/manifests/argocd/Deployment-argocd-applicationset-controller.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-applicationset-controller
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
replicas: 2
revisionHistoryLimit: 3
@@ -21,22 +21,22 @@ spec:
template:
metadata:
annotations:
checksum/cmd-params: 3b229614063a4fcb1498b93404dadd3387f4a14029e5eab3ced46164b47283a3
checksum/cmd-params: 9af377f2ae4b7f545ba43b4fe76ecc57c98d38c0647143d5e96e054737a5804d
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
terminationGracePeriodSeconds: 30
serviceAccountName: argocd-applicationset-controller
automountServiceAccountToken: true
containers:
- name: applicationset-controller
image: quay.io/argoproj/argocd:v3.3.8
image: quay.io/argoproj/argocd:v3.2.1
imagePullPolicy: IfNotPresent
args:
- /usr/local/bin/argocd-applicationset-controller
@@ -223,23 +223,20 @@ spec:
livenessProbe:
tcpSocket:
port: probe
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
tcpSocket:
port: probe
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 10m
memory: 50Mi
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:

28
clusters/cl01tl/manifests/argocd/Deployment-argocd-dex-server.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-dex-server
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: dex-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
replicas: 1
revisionHistoryLimit: 3
@@ -21,23 +21,23 @@ spec:
template:
metadata:
annotations:
checksum/cmd-params: 3b229614063a4fcb1498b93404dadd3387f4a14029e5eab3ced46164b47283a3
checksum/cm: fdce5a7774e6b2c546b5e56fdf6e1f8c982297cb6dece162c2a9a2fe1ee316ae
checksum/cmd-params: 9af377f2ae4b7f545ba43b4fe76ecc57c98d38c0647143d5e96e054737a5804d
checksum/cm: 0544b0704ae2ec7da9e1257e17e23ffb056314586e248ec08a79700f7bd213e6
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: dex-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
terminationGracePeriodSeconds: 30
serviceAccountName: argocd-dex-server
automountServiceAccountToken: true
containers:
- name: dex-server
image: ghcr.io/dexidp/dex:v2.45.1
image: ghcr.io/dexidp/dex:v2.44.0
imagePullPolicy: IfNotPresent
command:
- /shared/argocd-dex
@@ -98,10 +98,7 @@ spec:
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 1m
memory: 64Mi
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -109,7 +106,6 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
volumeMounts:
@@ -121,7 +117,7 @@ spec:
mountPath: /tls
initContainers:
- name: copyutil
image: quay.io/argoproj/argocd:v3.3.8
image: quay.io/argoproj/argocd:v3.2.1
imagePullPolicy: IfNotPresent
command:
- /bin/cp
@@ -133,10 +129,7 @@ spec:
name: static-files
- mountPath: /tmp
name: dexconfig
resources:
requests:
cpu: 1m
memory: 64Mi
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -144,7 +137,6 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
affinity:

19
clusters/cl01tl/manifests/argocd/Deployment-argocd-notifications-controller.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-notifications-controller
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
replicas: 1
revisionHistoryLimit: 3
@@ -23,29 +23,29 @@ spec:
template:
metadata:
annotations:
checksum/cmd-params: 3b229614063a4fcb1498b93404dadd3387f4a14029e5eab3ced46164b47283a3
checksum/cmd-params: 9af377f2ae4b7f545ba43b4fe76ecc57c98d38c0647143d5e96e054737a5804d
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
terminationGracePeriodSeconds: 30
serviceAccountName: argocd-notifications-controller
automountServiceAccountToken: true
containers:
- name: notifications-controller
image: quay.io/argoproj/argocd:v3.3.8
image: quay.io/argoproj/argocd:v3.2.1
imagePullPolicy: IfNotPresent
args:
- /usr/local/bin/argocd-notifications
- --metrics-port=9001
- --namespace=argocd
- --argocd-repo-server=argocd-repo-server:8081
- --secret-name=argocd-notifications-ntfy
- --secret-name=argocd-notifications-secret
env:
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
valueFrom:
@@ -103,10 +103,7 @@ spec:
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 2m
memory: 50Mi
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:

12
clusters/cl01tl/manifests/argocd/Deployment-argocd-redis-ha-haproxy.yaml
View File

@@ -28,6 +28,9 @@ spec:
component: haproxy
app.kubernetes.io/name: argocd-redis-ha-haproxy
annotations:
prometheus.io/port: "9101"
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
checksum/config: 41729c8b600983b574147eb778eb317992f0a620e163e58b070b159548c3f8e6
spec:
serviceAccountName: argocd-redis-ha-haproxy
@@ -49,7 +52,7 @@ spec:
topologyKey: kubernetes.io/hostname
initContainers:
- name: config-init
image: haproxy:3.3.7-alpine@sha256:2afa53c856e4e9fcc7dfb35b807fcb189896d7e62b38d363f9bedea92bce7f9a
image: ecr-public.aws.com/docker/library/haproxy:3.0.8-alpine
imagePullPolicy: IfNotPresent
resources: {}
command:
@@ -73,7 +76,7 @@ spec:
mountPath: /data
containers:
- name: haproxy
image: haproxy:3.3.7-alpine@sha256:2afa53c856e4e9fcc7dfb35b807fcb189896d7e62b38d363f9bedea92bce7f9a
image: ecr-public.aws.com/docker/library/haproxy:3.0.8-alpine
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
@@ -103,10 +106,7 @@ spec:
containerPort: 6379
- name: metrics-port
containerPort: 9101
resources:
requests:
cpu: 5m
memory: 90Mi
resources: {}
volumeMounts:
- name: data
mountPath: /usr/local/etc/haproxy

69
clusters/cl01tl/manifests/argocd/Deployment-argocd-repo-server.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-repo-server
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: repo-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
replicas: 2
revisionHistoryLimit: 3
@@ -21,23 +21,24 @@ spec:
template:
metadata:
annotations:
checksum/cmd-params: 3b229614063a4fcb1498b93404dadd3387f4a14029e5eab3ced46164b47283a3
checksum/cm: fdce5a7774e6b2c546b5e56fdf6e1f8c982297cb6dece162c2a9a2fe1ee316ae
checksum/cmd-params: 9af377f2ae4b7f545ba43b4fe76ecc57c98d38c0647143d5e96e054737a5804d
checksum/cm: 0544b0704ae2ec7da9e1257e17e23ffb056314586e248ec08a79700f7bd213e6
checksum/cmp-cm: 3ba5eb318a53c93c201ebd3507cf80d06bff9a0dbdc833d96acde450242773ff
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: repo-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
terminationGracePeriodSeconds: 30
serviceAccountName: argocd-repo-server
automountServiceAccountToken: true
containers:
- name: repo-server
image: quay.io/argoproj/argocd:v3.3.8
image: quay.io/argoproj/argocd:v3.2.1
imagePullPolicy: IfNotPresent
args:
- /usr/local/bin/argocd-repo-server
@@ -332,24 +333,21 @@ spec:
httpGet:
path: /healthz?full=true
port: metrics
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 1m
memory: 50Mi
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -359,19 +357,33 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- command:
- /var/run/argocd/argocd-cmp-server
image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0
name: cmp-cdk8s
securityContext:
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /home/argocd/cmp-server/config/plugin.yaml
name: argocd-cmp-cm
subPath: cdk8s.yaml
- mountPath: /tmp
name: cmp-tmp
initContainers:
- command:
- sh
- '-c'
args:
- /bin/cp --update=none /usr/local/bin/argocd /var/run/argocd/argocd && /bin/ln -sf /var/run/argocd/argocd /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v3.3.8
- /bin/cp
- --update=none
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v3.2.1
imagePullPolicy: IfNotPresent
name: copyutil
resources:
requests:
cpu: 1m
memory: 50Mi
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -396,6 +408,11 @@ spec:
nodeSelector:
kubernetes.io/os: linux
volumes:
- configMap:
name: argocd-cmp-cm
name: argocd-cmp-cm
- emptyDir: {}
name: cmp-tmp
- name: helm-working-dir
emptyDir: {}
- name: plugins

48
clusters/cl01tl/manifests/argocd/Deployment-argocd-server.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-server
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
replicas: 2
revisionHistoryLimit: 3
@@ -21,23 +21,23 @@ spec:
template:
metadata:
annotations:
checksum/cmd-params: 3b229614063a4fcb1498b93404dadd3387f4a14029e5eab3ced46164b47283a3
checksum/cm: fdce5a7774e6b2c546b5e56fdf6e1f8c982297cb6dece162c2a9a2fe1ee316ae
checksum/cmd-params: 9af377f2ae4b7f545ba43b4fe76ecc57c98d38c0647143d5e96e054737a5804d
checksum/cm: 0544b0704ae2ec7da9e1257e17e23ffb056314586e248ec08a79700f7bd213e6
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
spec:
terminationGracePeriodSeconds: 30
serviceAccountName: argocd-server
automountServiceAccountToken: true
containers:
- name: server
image: quay.io/argoproj/argocd:v3.3.8
image: quay.io/argoproj/argocd:v3.2.1
imagePullPolicy: IfNotPresent
args:
- /usr/local/bin/argocd-server
@@ -369,6 +369,8 @@ spec:
name: tmp
- name: argocd-cmd-params-cm
mountPath: /home/argocd/params
- mountPath: /tmp/extensions
name: extensions
ports:
- name: server
containerPort: 8080
@@ -394,10 +396,7 @@ spec:
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 20m
memory: 80Mi
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -407,6 +406,31 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
initContainers:
- name: extension-trivy
image: quay.io/argoprojlabs/argocd-extension-installer:v0.0.9
imagePullPolicy: IfNotPresent
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: extensions
mountPath: /tmp/extensions/
- name: tmp
mountPath: /tmp
env:
- name: EXTENSION_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
@@ -419,6 +443,8 @@ spec:
nodeSelector:
kubernetes.io/os: linux
volumes:
- name: extensions
emptyDir: {}
- name: plugins-home
emptyDir: {}
- name: tmp

11
clusters/cl01tl/manifests/argocd/ExternalSecret-argocd-notifications-ntfy.yaml → clusters/cl01tl/manifests/argocd/ExternalSecret-argocd-notifications-secret.yaml
View File

@@ -1,18 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-notifications-ntfy
name: argocd-notifications-secret
namespace: argocd
labels:
app.kubernetes.io/name: argocd-notifications-ntfy
app.kubernetes.io/name: argocd-notifications-secret
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: ntfy-token
remoteRef:
key: /cl01tl/ntfy/users/cl01tl
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token

16
clusters/cl01tl/manifests/argocd/ExternalSecret-argocd-oidc-authentik.yaml → clusters/cl01tl/manifests/argocd/ExternalSecret-argocd-oidc-secret.yaml
View File

@@ -1,22 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-oidc-authentik
name: argocd-oidc-secret
namespace: argocd
labels:
app.kubernetes.io/name: argocd-oidc-authentik
app.kubernetes.io/name: argocd-oidc-secret
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: secret
remoteRef:
key: /cl01tl/authentik/oidc/argocd
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
key: /cl01tl/authentik/oidc/argocd
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: client

10
clusters/cl01tl/manifests/argocd/HTTPRoute-argocd-server.yaml → clusters/cl01tl/manifests/argocd/HTTPRoute-http-route-argocd.yaml
View File

@@ -1,16 +1,12 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: argocd-server
name: http-route-argocd
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
app.kubernetes.io/name: argocd-server
app.kubernetes.io/name: http-route-argocd
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -29,4 +25,4 @@ spec:
kind: Service
name: argocd-server
port: 80
weight: 1
weight: 100

2
clusters/cl01tl/manifests/argocd/Pod-argocd-redis-ha-service-test.yaml
View File

@@ -15,7 +15,7 @@ spec:
tolerations: []
containers:
- name: "argocd-service-test"
image: redis:8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72
image: ecr-public.aws.com/docker/library/redis:8.2.2-alpine
command:
- sh
- -c

37
clusters/cl01tl/manifests/argocd/PrometheusRule-argocd-application-controller.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: argocd-application-controller
namespace: "argocd"
labels:
helm.sh/chart: argo-cd-9.5.6
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: application-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
spec:
groups:
- name: argocd
rules:
- alert: ArgoAppMissing
annotations:
description: |
Argo CD has not reported any applications data for the past 15 minutes which means that it must be down or not functioning properly. This needs to be resolved for this cloud to continue to maintain state.
summary: '[Argo CD] No reported applications'
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
- alert: ArgoAppNotSynced
annotations:
description: |
The application [{{`{{$labels.name}}`}} has not been synchronized for over 12 hours which means that the state of this cloud has drifted away from the state inside Git.
summary: '[{{`{{$labels.name}}`}}] Application not synchronized'
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning

18
clusters/cl01tl/manifests/argocd/PrometheusRule-argocd-redis-ha.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: argocd-redis-ha
spec:
groups:
- name: argocd-redis-ha
interval: 30s
rules:
- alert: RedisPodDown
annotations:
description: Redis pod {{ $labels.pod }} is down
summary: Redis pod {{ $labels.pod }} is down
expr: |
redis_up{job="argocd-redis-ha"} == 0
for: 5m
labels:
severity: critical

109
clusters/cl01tl/manifests/argocd/PrometheusRule-haproxy.yaml
View File

@@ -1,109 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: haproxy
namespace: argocd
labels:
app.kubernetes.io/name: haproxy
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
spec:
groups:
- name: EmbeddedExporter
rules:
- alert: HAProxyHighHTTP4xxErrorRateBackend
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 4xx error rate backend (instance {{ $labels.instance }})
description: "Too many HTTP requests with status 4xx (> 5%) on backend {{ $labels.proxy }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyHighHTTP5xxErrorRateBackend
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 5xx error rate backend (instance {{ $labels.instance }})
description: "Too many HTTP requests with status 5xx (> 5%) on backend {{ $labels.proxy }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyHighHTTP4xxErrorRateServer
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 4xx error rate server (instance {{ $labels.instance }})
description: "Too many HTTP requests with status 4xx (> 5%) on server {{ $labels.server }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyHighHTTP5xxErrorRateServer
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 5xx error rate server (instance {{ $labels.instance }})
description: "Too many HTTP requests with status 5xx (> 5%) on server {{ $labels.server }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyServerResponseErrors
expr: (sum by (server) (rate(haproxy_server_response_errors_total[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100 > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy server response errors (instance {{ $labels.instance }})
description: "Too many response errors to {{ $labels.server }} server (> 5%).\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyBackendConnectionErrors
expr: (sum by (proxy) (rate(haproxy_backend_connection_errors_total[1m]))) > 100
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy backend connection errors (instance {{ $labels.instance }})
description: "Too many connection errors to {{ $labels.proxy }} backend (> 100 req/s). Request throughput may be too high.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyServerConnectionErrors
expr: (sum by (proxy) (rate(haproxy_server_connection_errors_total[1m]))) > 100
for: 0m
labels:
severity: critical
annotations:
summary: HAProxy server connection errors (instance {{ $labels.instance }})
description: "Too many connection errors to {{ $labels.proxy }} (> 100 req/s). Request throughput may be too high.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyBackendMaxActiveSession>80%
expr: (haproxy_backend_current_sessions / haproxy_backend_limit_sessions * 100) > 80 and haproxy_backend_limit_sessions > 0
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy backend max active session > 80% (instance {{ $labels.instance }})
description: "Session limit from backend {{ $labels.proxy }} reached 80% of limit - {{ $value | printf \"%.2f\"}}%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyPendingRequests
expr: sum by (proxy) (haproxy_backend_current_queue) > 0
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy pending requests (instance {{ $labels.instance }})
description: "Some HAProxy requests are pending on {{ $labels.proxy }} - {{ $value | printf \"%.2f\"}}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyRetryHigh
expr: sum by (proxy) (rate(haproxy_backend_retry_warnings_total[1m])) > 10
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy retry high (instance {{ $labels.instance }})
description: "High rate of retry on {{ $labels.proxy }} - {{ $value | printf \"%.2f\"}}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyFrontendSecurityBlockedRequests
expr: sum by (proxy) (rate(haproxy_frontend_denied_connections_total[2m])) > 10
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy frontend security blocked requests (instance {{ $labels.instance }})
description: "HAProxy is blocking requests for security reason\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HAProxyServerHealthcheckFailure
expr: increase(haproxy_server_check_failures_total[1m]) > 2
for: 0m
labels:
severity: warning
annotations:
summary: HAProxy server healthcheck failure (instance {{ $labels.instance }})
description: "Some server healthcheck are failing on {{ $labels.server }} ({{ $value }} in the last 1m)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"

4
clusters/cl01tl/manifests/argocd/Role-argocd-application-controller.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-application-controller
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: application-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- ""

4
clusters/cl01tl/manifests/argocd/Role-argocd-applicationset-controller.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-applicationset-controller
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- argoproj.io

4
clusters/cl01tl/manifests/argocd/Role-argocd-dex-server.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-dex-server
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: dex-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- ""

6
clusters/cl01tl/manifests/argocd/Role-argocd-notifications-controller.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-notifications-controller
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- argoproj.io
@@ -42,7 +42,7 @@ rules:
- apiGroups:
- ""
resourceNames:
- argocd-notifications-ntfy
- argocd-notifications-secret
resources:
- secrets
verbs:

4
clusters/cl01tl/manifests/argocd/Role-argocd-repo-server.yaml
View File

@@ -4,11 +4,11 @@ metadata:
name: argocd-repo-server
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: repo-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:

4
clusters/cl01tl/manifests/argocd/Role-argocd-server.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-server
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
rules:
- apiGroups:
- ""

4
clusters/cl01tl/manifests/argocd/RoleBinding-argocd-application-controller.yaml
View File

@@ -4,13 +4,13 @@ metadata:
name: argocd-application-controller
namespace: argocd
labels:
helm.sh/chart: argo-cd-9.5.6
helm.sh/chart: argo-cd-9.1.7
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: argocd
app.kubernetes.io/component: application-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: "v3.3.8"
app.kubernetes.io/version: "v3.2.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role

Some files were not shown because too many files have changed in this diff Show More