apiVersion: apps/v1 kind: Deployment metadata: annotations: argocd.argoproj.io/tracking-id: argocd:apps/Deployment:argocd/argocd-repo-server labels: app.kubernetes.io/component: repo-server app.kubernetes.io/instance: argocd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd app.kubernetes.io/version: v2.10.4 helm.sh/chart: argo-cd-6.7.3 name: argocd-repo-server namespace: argocd spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 3 selector: matchLabels: app.kubernetes.io/instance: argocd app.kubernetes.io/name: argocd-repo-server strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: checksum/cm: 3d88c02b8c8e470b75262aae39da4b4bc6f29a02d2a6c7a9e0d44d2d69aa908b checksum/cmd-params: d76791b7d65a3839bc44b46b65ecfecb5be7ac834b4915b0dea1577f524ea687 creationTimestamp: null labels: app.kubernetes.io/component: repo-server app.kubernetes.io/instance: argocd app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd app.kubernetes.io/version: v2.10.4 helm.sh/chart: argo-cd-6.7.3 spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server topologyKey: kubernetes.io/hostname weight: 100 containers: - args: - /usr/local/bin/argocd-repo-server - --port=8081 - --metrics-port=8084 env: - name: ARGOCD_REPO_SERVER_NAME value: argocd-repo-server - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: key: timeout.reconciliation name: argocd-cm optional: true - name: ARGOCD_REPO_SERVER_LOGFORMAT valueFrom: configMapKeyRef: key: reposerver.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LOGLEVEL valueFrom: configMapKeyRef: key: reposerver.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS valueFrom: configMapKeyRef: key: reposerver.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS valueFrom: configMapKeyRef: key: reposerver.metrics.listen.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: reposerver.disable.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MIN_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.minversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MAX_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.maxversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_CIPHERS valueFrom: configMapKeyRef: key: reposerver.tls.ciphers name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.repo.cache.expiration name: argocd-cmd-params-cm optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: key: redis.server name: argocd-cmd-params-cm optional: true - name: REDIS_COMPRESSION valueFrom: configMapKeyRef: key: redis.compression name: argocd-cmd-params-cm optional: true - name: REDISDB valueFrom: configMapKeyRef: key: redis.db name: argocd-cmd-params-cm optional: true - name: REDIS_USERNAME valueFrom: secretKeyRef: key: redis-username name: argocd-redis optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: key: redis-password name: argocd-redis optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.default.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: key: otlp.address name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_INSECURE valueFrom: configMapKeyRef: key: otlp.insecure name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_OTLP_HEADERS valueFrom: configMapKeyRef: key: otlp.headers name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: key: reposerver.max.combined.directory.manifests.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS valueFrom: configMapKeyRef: key: reposerver.plugin.tar.exclusions name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: key: reposerver.allow.oob.symlinks name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.tar.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE valueFrom: configMapKeyRef: key: reposerver.disable.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.git.lsremote.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_GIT_REQUEST_TIMEOUT valueFrom: configMapKeyRef: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir image: quay.io/argoproj/argocd:v2.10.4 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz?full=true port: metrics scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: repo-server ports: - containerPort: 8081 name: repo-server protocol: TCP - containerPort: 8084 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: metrics scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls - mountPath: /helm-working-dir name: helm-working-dir - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: tmp - command: - /var/run/argocd/argocd-cmp-server image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest imagePullPolicy: Always name: kustomize-helm-with-rewrite resources: {} securityContext: runAsNonRoot: true runAsUser: 999 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: cmp-tmp - mountPath: /helm-working-dir name: helm-working-dir dnsPolicy: ClusterFirst imagePullSecrets: - name: gitlab-pull-secret initContainers: - command: - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server image: quay.io/argoproj/argocd:v2.10.4 imagePullPolicy: IfNotPresent name: copyutil resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/argocd name: var-files - command: - /bin/sh - /plugin/init-helm-repos.sh image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest imagePullPolicy: Always name: init-helm-repos resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 999 runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File env: - name: OCEANBOX_HELM_ACCESS_TOKEN valueFrom: secretKeyRef: key: token name: oceanbox-helm optional: false volumeMounts: - mountPath: /helm-working-dir name: helm-working-dir restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: argocd-repo-server serviceAccountName: argocd-repo-server terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: cmp-tmp - emptyDir: {} name: helm-working-dir - emptyDir: {} name: plugins - emptyDir: {} name: var-files - emptyDir: {} name: tmp - configMap: defaultMode: 420 name: argocd-ssh-known-hosts-cm name: ssh-known-hosts - configMap: defaultMode: 420 name: argocd-tls-certs-cm name: tls-certs - configMap: defaultMode: 420 name: argocd-gpg-keys-cm name: gpg-keys - emptyDir: {} name: gpg-keyring - name: argocd-repo-server-tls secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls