--- # Source: argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: argocd-repo-server namespace: argocd labels: helm.sh/chart: argo-cd-9.1.5 app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/instance: argocd app.kubernetes.io/component: repo-server app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: argocd app.kubernetes.io/version: "v3.2.1" spec: replicas: 2 revisionHistoryLimit: 3 selector: matchLabels: app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/instance: argocd template: metadata: annotations: checksum/cmd-params: bf2519278596ec7cee3e61f230a7b6ebbdcc8a5166fe036da04fccfdfa4ac1d1 checksum/cm: b85950385c4567f0f6332e53f51df2bbe58a65f5771ac318c863d1b4e831ff9b checksum/cmp-cm: 889b23506729520737104bb8fb0d94e269ba3ec96a1a0e9ffe5c7bdf1025801c labels: helm.sh/chart: argo-cd-9.1.5 app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/instance: argocd app.kubernetes.io/component: repo-server app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: argocd app.kubernetes.io/version: "v3.2.1" spec: terminationGracePeriodSeconds: 30 serviceAccountName: argocd-repo-server automountServiceAccountToken: true containers: - name: repo-server image: quay.io/argoproj/argocd:v3.2.1 imagePullPolicy: IfNotPresent args: - /usr/local/bin/argocd-repo-server - --port=8081 - --metrics-port=8084 env: - name: ARGOCD_REPO_SERVER_NAME value: argocd-repo-server - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: name: argocd-cm key: timeout.reconciliation optional: true - name: ARGOCD_REPO_SERVER_LOGFORMAT valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.log.format optional: true - name: ARGOCD_REPO_SERVER_LOGLEVEL valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.log.level optional: true - name: ARGOCD_LOG_FORMAT_TIMESTAMP valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: log.format.timestamp optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.parallelism.limit optional: true - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.listen.address optional: true - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.metrics.listen.address optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.disable.tls optional: true - name: ARGOCD_TLS_MIN_VERSION valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.tls.minversion optional: true - name: ARGOCD_TLS_MAX_VERSION valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.tls.maxversion optional: true - name: ARGOCD_TLS_CIPHERS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.tls.ciphers optional: true - name: ARGOCD_REPO_CACHE_EXPIRATION valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.repo.cache.expiration optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: redis.server optional: true - name: REDIS_COMPRESSION valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: redis.compression optional: true - name: REDISDB valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: redis.db optional: true - name: REDIS_USERNAME valueFrom: secretKeyRef: name: "argocd-redis" key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: "argocd-redis" # hard-coded in Job command and embedded Redis deployments (standalone and redis-ha) key: auth optional: false # Secret is not optional in this case ! - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: name: argocd-redis-ha-haproxy key: redis-sentinel-username optional: true - name: REDIS_SENTINEL_PASSWORD valueFrom: secretKeyRef: name: argocd-redis-ha-haproxy key: redis-sentinel-password optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.default.cache.expiration optional: true - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: otlp.address optional: true - name: ARGOCD_REPO_SERVER_OTLP_INSECURE valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: otlp.insecure optional: true - name: ARGOCD_REPO_SERVER_OTLP_HEADERS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: otlp.headers optional: true - name: ARGOCD_REPO_SERVER_OTLP_ATTRS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: otlp.attrs optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.max.combined.directory.manifests.size optional: true - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.plugin.tar.exclusions optional: true - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS valueFrom: configMapKeyRef: key: reposerver.plugin.use.manifest.generate.paths name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: key: reposerver.allow.oob.symlinks name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.tar.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.disable.helm.manifest.max.extracted.size optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.git.lsremote.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_REQUEST_TIMEOUT valueFrom: configMapKeyRef: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.oci.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.disable.oci.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES valueFrom: configMapKeyRef: key: reposerver.oci.layer.media.types name: argocd-cmd-params-cm optional: true - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT valueFrom: configMapKeyRef: key: reposerver.revision.cache.lock.timeout name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_ENABLE_BUILTIN_GIT_CONFIG valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: reposerver.enable.builtin.git.config optional: true - name: ARGOCD_GRPC_MAX_SIZE_MB valueFrom: configMapKeyRef: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES valueFrom: configMapKeyRef: key: reposerver.include.hidden.directories name: argocd-cmd-params-cm optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls - mountPath: /helm-working-dir name: helm-working-dir - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: tmp ports: - name: repo-server containerPort: 8081 protocol: TCP - name: metrics containerPort: 8084 protocol: TCP livenessProbe: httpGet: path: /healthz?full=true port: metrics initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 readinessProbe: httpGet: path: /healthz port: metrics initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault - command: - /var/run/argocd/argocd-cmp-server image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0 name: cmp-cdk8s securityContext: runAsNonRoot: true runAsUser: 999 volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /home/argocd/cmp-server/config/plugin.yaml name: argocd-cmp-cm subPath: cdk8s.yaml - mountPath: /tmp name: cmp-tmp initContainers: - command: - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server image: quay.io/argoproj/argocd:v3.2.1 imagePullPolicy: IfNotPresent name: copyutil resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /var/run/argocd name: var-files affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server topologyKey: kubernetes.io/hostname nodeSelector: kubernetes.io/os: linux volumes: - configMap: name: argocd-cmp-cm name: argocd-cmp-cm - emptyDir: {} name: cmp-tmp - name: helm-working-dir emptyDir: {} - name: plugins emptyDir: {} - name: var-files emptyDir: {} - name: tmp emptyDir: {} - name: ssh-known-hosts configMap: name: argocd-ssh-known-hosts-cm - name: tls-certs configMap: name: argocd-tls-certs-cm - name: gpg-keys configMap: name: argocd-gpg-keys-cm - name: gpg-keyring emptyDir: {} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls optional: true items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt dnsPolicy: ClusterFirst