apiVersion: apps/v1 kind: Deployment metadata: annotations: argocd.argoproj.io/tracking-id: argocd:apps/Deployment:argocd/argocd-repo-server deployment.kubernetes.io/revision: "27" labels: app.kubernetes.io/component: repo-server app.kubernetes.io/instance: argocd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd app.kubernetes.io/version: v2.12.3 helm.sh/chart: argo-cd-7.5.2 name: argocd-repo-server namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 3 selector: matchLabels: app.kubernetes.io/instance: argocd app.kubernetes.io/name: argocd-repo-server strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: checksum/cm: 67d6152e0e3482f9a74a6b570fd32bbec4e7856bffe49f577a2a0d3aeaed6f48 checksum/cmd-params: 69ed50e8936f4d6429dc331f782ad0a7d22eb12c318d6800403040352214b781 creationTimestamp: null labels: app.kubernetes.io/component: repo-server app.kubernetes.io/instance: argocd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd app.kubernetes.io/version: v2.12.3 helm.sh/chart: argo-cd-7.5.2 spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server topologyKey: kubernetes.io/hostname weight: 100 automountServiceAccountToken: true containers: - args: - /usr/local/bin/argocd-repo-server - --port=8081 - --metrics-port=8084 env: - name: ARGOCD_REPO_SERVER_NAME value: argocd-repo-server - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: key: timeout.reconciliation name: argocd-cm optional: true - name: ARGOCD_REPO_SERVER_LOGFORMAT valueFrom: configMapKeyRef: key: reposerver.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LOGLEVEL valueFrom: configMapKeyRef: key: reposerver.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS valueFrom: configMapKeyRef: key: reposerver.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS valueFrom: configMapKeyRef: key: reposerver.metrics.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: reposerver.disable.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MIN_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.minversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MAX_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.maxversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_CIPHERS valueFrom: configMapKeyRef: key: reposerver.tls.ciphers name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.repo.cache.expiration name: argocd-cmd-params-cm optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: key: redis.server name: argocd-cmd-params-cm optional: true - name: REDIS_COMPRESSION valueFrom: configMapKeyRef: key: redis.compression name: argocd-cmd-params-cm optional: true - name: REDISDB valueFrom: configMapKeyRef: key: redis.db name: argocd-cmd-params-cm optional: true - name: REDIS_USERNAME valueFrom: secretKeyRef: key: redis-username name: argocd-redis optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: key: auth name: argocd-redis - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: key: redis-sentinel-username name: argocd-redis optional: true - name: REDIS_SENTINEL_PASSWORD valueFrom: secretKeyRef: key: redis-sentinel-password name: argocd-redis optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.default.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: key: otlp.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_INSECURE valueFrom: configMapKeyRef: key: otlp.insecure name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_HEADERS valueFrom: configMapKeyRef: key: otlp.headers name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: key: reposerver.max.combined.directory.manifests.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS valueFrom: configMapKeyRef: key: reposerver.plugin.tar.exclusions name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: key: reposerver.allow.oob.symlinks name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.tar.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.disable.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.git.lsremote.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_REQUEST_TIMEOUT valueFrom: configMapKeyRef: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT valueFrom: configMapKeyRef: key: reposerver.revision.cache.lock.timeout name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES valueFrom: configMapKeyRef: key: reposerver.include.hidden.directories name: argocd-cmd-params-cm optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir image: quay.io/argoproj/argocd:v2.12.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz?full=true port: metrics scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: repo-server ports: - containerPort: 8081 name: repo-server protocol: TCP - containerPort: 8084 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: metrics scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls - mountPath: /helm-working-dir name: helm-working-dir - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: tmp - command: - /var/run/argocd/argocd-cmp-server image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest imagePullPolicy: Always name: kustomize-helm-with-rewrite securityContext: runAsNonRoot: true runAsUser: 999 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: cmp-tmp - mountPath: /helm-working-dir name: helm-working-dir - command: - /var/run/argocd/argocd-cmp-server image: registry.gitlab.com/oceanbox/manifests/helm-kustomize-cmp:latest imagePullPolicy: Always name: helm-kustomize-cmp securityContext: runAsNonRoot: true runAsUser: 999 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: cmp-tmp - mountPath: /helm-working-dir name: helm-working-dir - command: - /var/run/argocd/argocd-cmp-server image: registry.gitlab.com/oceanbox/manifests/helmfile-cmp:latest imagePullPolicy: Always name: helmfile-cmp securityContext: runAsNonRoot: true runAsUser: 999 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: cmp-tmp - mountPath: /helm-working-dir name: helm-working-dir dnsPolicy: ClusterFirst imagePullSecrets: - name: gitlab-pull-secret initContainers: - command: - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server image: quay.io/argoproj/argocd:v2.12.3 imagePullPolicy: IfNotPresent name: copyutil securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/argocd name: var-files - command: - /bin/sh - /plugin/init-helm-repos.sh env: - name: OCEANBOX_HELM_ACCESS_TOKEN valueFrom: secretKeyRef: key: token name: oceanbox-helm optional: false image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest imagePullPolicy: Always name: init-helm-repos securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 999 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /helm-working-dir name: helm-working-dir restartPolicy: Always schedulerName: default-scheduler serviceAccount: argocd-repo-server serviceAccountName: argocd-repo-server terminationGracePeriodSeconds: 30 volumes: - name: cmp-tmp - name: helm-working-dir - name: plugins - name: var-files - name: tmp - configMap: defaultMode: 420 name: argocd-ssh-known-hosts-cm name: ssh-known-hosts - configMap: defaultMode: 420 name: argocd-tls-certs-cm name: tls-certs - configMap: defaultMode: 420 name: argocd-gpg-keys-cm name: gpg-keys - name: gpg-keyring - name: argocd-repo-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls