kubernetes-sigs / kustomize

Customization of kubernetes YAML configurations
Apache License 2.0
11.05k stars 2.25k forks source link

Kustomize build fails pulling remote resource on GitHub with 404 #4455

Closed dlowrey closed 2 years ago

dlowrey commented 2 years ago

Describe the bug A few days ago our automated builds started failing with the following error:

Error: accumulating resources: accumulating resources from 'https://github.com/argoproj/argo-cd/manifests/ha/cluster-install?ref=v2.1.0': HTTP Error: status code 404 (Not Found)

After some investigation I discovered that the builds start working again if I pin the installation of Kustomize in our CI/CD environment to v4.4.1. It appears that v4.5.0 and v4.5.1 have some changes that break our use of remote resources in our kustomization.yaml files.

Files that can reproduce the issue

Running kustomize build with Kustomize v4.5.0+ on a kustomization.yaml with the following contents will reproduce the issue:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
  - https://github.com/argoproj/argo-cd/manifests/ha/cluster-install?ref=v2.1.0

Expected output The expected output can be obtained by running the example above with Kustomize v4.4.1.

Expected output (warning, long)

apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: app.kubernetes.io/name: applications.argoproj.io app.kubernetes.io/part-of: argocd name: applications.argoproj.io spec: group: argoproj.io names: kind: Application listKind: ApplicationList plural: applications shortNames: - app - apps singular: application scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.sync.status name: Sync Status type: string - jsonPath: .status.health.status name: Health Status type: string - jsonPath: .status.sync.revision name: Revision priority: 10 type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object operation: description: Operation contains information about a requested or running operation properties: info: description: Info is a list of informational items for this operation items: properties: name: type: string value: type: string required: - name - value type: object type: array initiatedBy: description: InitiatedBy contains information about who initiated the operations properties: automated: description: Automated is set to true if operation was initiated automatically by the application controller. type: boolean username: description: Username contains the name of a user who started operation type: string type: object retry: description: Retry controls the strategy to apply if a sync fails properties: backoff: description: Backoff controls how to backoff on subsequent retries of failed syncs properties: duration: description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") type: string factor: description: Factor is a factor to multiply the base duration after each failed retry format: int64 type: integer maxDuration: description: MaxDuration is the maximum amount of time allowed for the backoff strategy type: string type: object limit: description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. format: int64 type: integer type: object sync: description: Sync contains parameters for the operation properties: dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync type: boolean manifests: description: Manifests is an optional field that overrides sync source with a local directory for development items: type: string type: array prune: description: Prune specifies to delete resources from the cluster that are no longer tracked in git type: boolean resources: description: Resources describes which resources shall be part of the sync items: description: SyncOperationResource contains resources to sync. properties: group: type: string kind: type: string name: type: string namespace: type: string required: - kind - name type: object type: array revision: description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. type: string source: description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation type: string include: description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array libs: description: Additional library search dirs items: type: string type: array tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array type: object recurse: description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: description: Helm holds helm specific options properties: fileParameters: description: FileParameters are file parameters to the helm template items: description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: description: Name is the name of the Helm parameter type: string path: description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: description: Name is the name of the Helm parameter type: string value: description: Value is the value for the Helm parameter type: string type: object type: array releaseName: description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template items: type: string type: array values: description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options properties: environment: description: Environment is a ksonnet application environment name type: string parameters: description: Parameters are a list of ksonnet component parameter override values items: description: KsonnetParameter is a ksonnet component parameter properties: component: type: string name: type: string value: type: string required: - name - value type: object type: array type: object kustomize: description: Kustomize holds kustomize specific options properties: commonAnnotations: additionalProperties: type: string description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps type: boolean forceCommonLabels: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean images: description: Images is a list of Kustomize image override specifications items: description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries items: description: EnvEntry represents an entry in the application's environment properties: name: description: Name is the name of the variable, usually expressed in uppercase type: string value: description: Value is the value of the variable type: string required: - name - value type: object type: array name: type: string type: object repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object syncOptions: description: SyncOptions provide per-sync sync-options, e.g. Validate=false items: type: string type: array syncStrategy: description: SyncStrategy describes how to perform the sync properties: apply: description: Apply will perform a `kubectl apply` to perform the sync. properties: force: description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. type: boolean type: object hook: description: Hook will submit any referenced resources to perform the sync. This is the default strategy properties: force: description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. type: boolean type: object type: object type: object type: object spec: description: ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision. properties: destination: description: Destination is a reference to the target Kubernetes server and namespace properties: name: description: Name is an alternate way of specifying the target cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: description: IgnoreDifferences is a list of resources and their fields which should be ignored during comparison items: description: ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state. properties: group: type: string jqPathExpressions: items: type: string type: array jsonPointers: items: type: string type: array kind: type: string name: type: string namespace: type: string required: - kind type: object type: array info: description: Info contains a list of information (URLs, email addresses, and plain text) that relates to the application items: properties: name: type: string value: type: string required: - name - value type: object type: array project: description: Project is a reference to the project this application belongs to. The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: description: RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. format: int64 type: integer source: description: Source is a reference to the location of the application's manifests or chart properties: chart: description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation type: string include: description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array libs: description: Additional library search dirs items: type: string type: array tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array type: object recurse: description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: description: Helm holds helm specific options properties: fileParameters: description: FileParameters are file parameters to the helm template items: description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: description: Name is the name of the Helm parameter type: string path: description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: description: Name is the name of the Helm parameter type: string value: description: Value is the value for the Helm parameter type: string type: object type: array releaseName: description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template items: type: string type: array values: description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options properties: environment: description: Environment is a ksonnet application environment name type: string parameters: description: Parameters are a list of ksonnet component parameter override values items: description: KsonnetParameter is a ksonnet component parameter properties: component: type: string name: type: string value: type: string required: - name - value type: object type: array type: object kustomize: description: Kustomize holds kustomize specific options properties: commonAnnotations: additionalProperties: type: string description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps type: boolean forceCommonLabels: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean images: description: Images is a list of Kustomize image override specifications items: description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries items: description: EnvEntry represents an entry in the application's environment properties: name: description: Name is the name of the variable, usually expressed in uppercase type: string value: description: Value is the value of the variable type: string required: - name - value type: object type: array name: type: string type: object repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object syncPolicy: description: SyncPolicy controls when and how a sync will be performed properties: automated: description: Automated will keep an application synced to the target revision properties: allowEmpty: description: 'AllowEmpty allows apps have zero live resources (default: false)' type: boolean prune: description: 'Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)' type: boolean selfHeal: description: 'SelfHeal specifes whether to revert resources back to their desired state upon modification in the cluster (default: false)' type: boolean type: object retry: description: Retry controls failed sync retry behavior properties: backoff: description: Backoff controls how to backoff on subsequent retries of failed syncs properties: duration: description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") type: string factor: description: Factor is a factor to multiply the base duration after each failed retry format: int64 type: integer maxDuration: description: MaxDuration is the maximum amount of time allowed for the backoff strategy type: string type: object limit: description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. format: int64 type: integer type: object syncOptions: description: Options allow you to specify whole app sync-options items: type: string type: array type: object required: - destination - project - source type: object status: description: ApplicationStatus contains status information for the application properties: conditions: description: Conditions is a list of currently observed application conditions items: description: ApplicationCondition contains details about an application condition, which is usally an error or warning properties: lastTransitionTime: description: LastTransitionTime is the time the condition was last observed format: date-time type: string message: description: Message contains human-readable message indicating details about condition type: string type: description: Type is an application condition type type: string required: - message - type type: object type: array health: description: Health contains information about the application's current health status properties: message: description: Message is a human-readable informational message describing the health status type: string status: description: Status holds the status code of the application or resource type: string type: object history: description: History contains information about the application's sync history items: description: RevisionHistory contains history information about a previous sync properties: deployStartedAt: description: DeployStartedAt holds the time the sync operation started format: date-time type: string deployedAt: description: DeployedAt holds the time the sync operation completed format: date-time type: string id: description: ID is an auto incrementing identifier of the RevisionHistory format: int64 type: integer revision: description: Revision holds the revision the sync was performed against type: string source: description: Source is a reference to the application source used for the sync operation properties: chart: description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation type: string include: description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array libs: description: Additional library search dirs items: type: string type: array tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array type: object recurse: description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: description: Helm holds helm specific options properties: fileParameters: description: FileParameters are file parameters to the helm template items: description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: description: Name is the name of the Helm parameter type: string path: description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: description: Name is the name of the Helm parameter type: string value: description: Value is the value for the Helm parameter type: string type: object type: array releaseName: description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template items: type: string type: array values: description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options properties: environment: description: Environment is a ksonnet application environment name type: string parameters: description: Parameters are a list of ksonnet component parameter override values items: description: KsonnetParameter is a ksonnet component parameter properties: component: type: string name: type: string value: type: string required: - name - value type: object type: array type: object kustomize: description: Kustomize holds kustomize specific options properties: commonAnnotations: additionalProperties: type: string description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps type: boolean forceCommonLabels: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean images: description: Images is a list of Kustomize image override specifications items: description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries items: description: EnvEntry represents an entry in the application's environment properties: name: description: Name is the name of the variable, usually expressed in uppercase type: string value: description: Value is the value of the variable type: string required: - name - value type: object type: array name: type: string type: object repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object required: - deployedAt - id - revision type: object type: array observedAt: description: 'ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field' format: date-time type: string operationState: description: OperationState contains information about any ongoing operations, such as a sync properties: finishedAt: description: FinishedAt contains time of operation completion format: date-time type: string message: description: Message holds any pertinent messages when attempting to perform operation (typically errors). type: string operation: description: Operation is the original requested operation properties: info: description: Info is a list of informational items for this operation items: properties: name: type: string value: type: string required: - name - value type: object type: array initiatedBy: description: InitiatedBy contains information about who initiated the operations properties: automated: description: Automated is set to true if operation was initiated automatically by the application controller. type: boolean username: description: Username contains the name of a user who started operation type: string type: object retry: description: Retry controls the strategy to apply if a sync fails properties: backoff: description: Backoff controls how to backoff on subsequent retries of failed syncs properties: duration: description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") type: string factor: description: Factor is a factor to multiply the base duration after each failed retry format: int64 type: integer maxDuration: description: MaxDuration is the maximum amount of time allowed for the backoff strategy type: string type: object limit: description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. format: int64 type: integer type: object sync: description: Sync contains parameters for the operation properties: dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync type: boolean manifests: description: Manifests is an optional field that overrides sync source with a local directory for development items: type: string type: array prune: description: Prune specifies to delete resources from the cluster that are no longer tracked in git type: boolean resources: description: Resources describes which resources shall be part of the sync items: description: SyncOperationResource contains resources to sync. properties: group: type: string kind: type: string name: type: string namespace: type: string required: - kind - name type: object type: array revision: description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. type: string source: description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation type: string include: description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array libs: description: Additional library search dirs items: type: string type: array tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array type: object recurse: description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: description: Helm holds helm specific options properties: fileParameters: description: FileParameters are file parameters to the helm template items: description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: description: Name is the name of the Helm parameter type: string path: description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: description: Name is the name of the Helm parameter type: string value: description: Value is the value for the Helm parameter type: string type: object type: array releaseName: description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template items: type: string type: array values: description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options properties: environment: description: Environment is a ksonnet application environment name type: string parameters: description: Parameters are a list of ksonnet component parameter override values items: description: KsonnetParameter is a ksonnet component parameter properties: component: type: string name: type: string value: type: string required: - name - value type: object type: array type: object kustomize: description: Kustomize holds kustomize specific options properties: commonAnnotations: additionalProperties: type: string description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps type: boolean forceCommonLabels: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean images: description: Images is a list of Kustomize image override specifications items: description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries items: description: EnvEntry represents an entry in the application's environment properties: name: description: Name is the name of the variable, usually expressed in uppercase type: string value: description: Value is the value of the variable type: string required: - name - value type: object type: array name: type: string type: object repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object syncOptions: description: SyncOptions provide per-sync sync-options, e.g. Validate=false items: type: string type: array syncStrategy: description: SyncStrategy describes how to perform the sync properties: apply: description: Apply will perform a `kubectl apply` to perform the sync. properties: force: description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. type: boolean type: object hook: description: Hook will submit any referenced resources to perform the sync. This is the default strategy properties: force: description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. type: boolean type: object type: object type: object type: object phase: description: Phase is the current phase of the operation type: string retryCount: description: RetryCount contains time of operation retries format: int64 type: integer startedAt: description: StartedAt contains time of operation start format: date-time type: string syncResult: description: SyncResult is the result of a Sync operation properties: resources: description: Resources contains a list of sync result items for each individual resource in a sync operation items: description: ResourceResult holds the operation result details of a specific resource properties: group: description: Group specifies the API group of the resource type: string hookPhase: description: HookPhase contains the state of any operation associated with this resource OR hook This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. Empty for non-hook resources type: string kind: description: Kind specifies the API kind of the resource type: string message: description: Message contains an informational or error message for the last sync OR operation type: string name: description: Name specifies the name of the resource type: string namespace: description: Namespace specifies the target namespace of the resource type: string status: description: Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks type: string syncPhase: description: SyncPhase indicates the particular phase of the sync that this result was acquired in type: string version: description: Version specifies the API version of the resource type: string required: - group - kind - name - namespace - version type: object type: array revision: description: Revision holds the revision this sync operation was performed to type: string source: description: Source records the application source information of the sync, used for comparing auto-sync properties: chart: description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation type: string include: description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array libs: description: Additional library search dirs items: type: string type: array tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array type: object recurse: description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: description: Helm holds helm specific options properties: fileParameters: description: FileParameters are file parameters to the helm template items: description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: description: Name is the name of the Helm parameter type: string path: description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: description: Name is the name of the Helm parameter type: string value: description: Value is the value for the Helm parameter type: string type: object type: array releaseName: description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template items: type: string type: array values: description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options properties: environment: description: Environment is a ksonnet application environment name type: string parameters: description: Parameters are a list of ksonnet component parameter override values items: description: KsonnetParameter is a ksonnet component parameter properties: component: type: string name: type: string value: type: string required: - name - value type: object type: array type: object kustomize: description: Kustomize holds kustomize specific options properties: commonAnnotations: additionalProperties: type: string description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps type: boolean forceCommonLabels: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean images: description: Images is a list of Kustomize image override specifications items: description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries items: description: EnvEntry represents an entry in the application's environment properties: name: description: Name is the name of the variable, usually expressed in uppercase type: string value: description: Value is the value of the variable type: string required: - name - value type: object type: array name: type: string type: object repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object required: - revision type: object required: - operation - phase - startedAt type: object reconciledAt: description: ReconciledAt indicates when the application state was reconciled using the latest git version format: date-time type: string resources: description: Resources is a list of Kubernetes resources managed by this application items: description: 'ResourceStatus holds the current sync and health status of a resource TODO: describe members of this type' properties: group: type: string health: description: HealthStatus contains information about the currently observed health state of an application or resource properties: message: description: Message is a human-readable informational message describing the health status type: string status: description: Status holds the status code of the application or resource type: string type: object hook: type: boolean kind: type: string name: type: string namespace: type: string requiresPruning: type: boolean status: description: SyncStatusCode is a type which represents possible comparison results type: string version: type: string type: object type: array sourceType: description: SourceType specifies the type of this application type: string summary: description: Summary contains a list of URLs and container images used by this application properties: externalURLs: description: ExternalURLs holds all external URLs of application child resources. items: type: string type: array images: description: Images holds all images of application child resources. items: type: string type: array type: object sync: description: Sync contains information about the application's current sync status properties: comparedTo: description: ComparedTo contains information about what has been compared properties: destination: description: Destination is a reference to the application's destination used for comparison properties: name: description: Name is an alternate way of specifying the target cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API type: string type: object source: description: Source is a reference to the application's source used for comparison properties: chart: description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation type: string include: description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array libs: description: Additional library search dirs items: type: string type: array tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean name: type: string value: type: string required: - name - value type: object type: array type: object recurse: description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: description: Helm holds helm specific options properties: fileParameters: description: FileParameters are file parameters to the helm template items: description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: description: Name is the name of the Helm parameter type: string path: description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: description: Name is the name of the Helm parameter type: string value: description: Value is the value for the Helm parameter type: string type: object type: array releaseName: description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template items: type: string type: array values: description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options properties: environment: description: Environment is a ksonnet application environment name type: string parameters: description: Parameters are a list of ksonnet component parameter override values items: description: KsonnetParameter is a ksonnet component parameter properties: component: type: string name: type: string value: type: string required: - name - value type: object type: array type: object kustomize: description: Kustomize holds kustomize specific options properties: commonAnnotations: additionalProperties: type: string description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps type: boolean forceCommonLabels: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean images: description: Images is a list of Kustomize image override specifications items: description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries items: description: EnvEntry represents an entry in the application's environment properties: name: description: Name is the name of the variable, usually expressed in uppercase type: string value: description: Value is the value of the variable type: string required: - name - value type: object type: array name: type: string type: object repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object required: - destination - source type: object revision: description: Revision contains information about the revision the comparison has been performed to type: string status: description: Status is the sync state of the comparison type: string required: - status type: object type: object required: - metadata - spec type: object served: true storage: true subresources: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd name: appprojects.argoproj.io spec: group: argoproj.io names: kind: AppProject listKind: AppProjectList plural: appprojects shortNames: - appproj - appprojs singular: appproject scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)' properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: AppProjectSpec is the specification of an AppProject properties: clusterResourceBlacklist: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types properties: group: type: string kind: type: string required: - group - kind type: object type: array clusterResourceWhitelist: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types properties: group: type: string kind: type: string required: - group - kind type: object type: array description: description: Description contains optional project description type: string destinations: description: Destinations contains list of destinations available for deployment items: description: ApplicationDestination holds information about the application's destination properties: name: description: Name is an alternate way of specifying the target cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API type: string type: object type: array namespaceResourceBlacklist: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types properties: group: type: string kind: type: string required: - group - kind type: object type: array namespaceResourceWhitelist: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types properties: group: type: string kind: type: string required: - group - kind type: object type: array orphanedResources: description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project properties: ignore: description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring items: description: OrphanedResourceKey is a reference to a resource to be ignored from properties: group: type: string kind: type: string name: type: string type: object type: array warn: description: Warn indicates if warning condition should be created for apps which have orphaned resources type: boolean type: object roles: description: Roles are user defined RBAC roles associated with this project items: description: ProjectRole represents a role that has access to a project properties: description: description: Description is a description of the role type: string groups: description: Groups are a list of OIDC group claims bound to this role items: type: string type: array jwtTokens: description: JWTTokens are a list of generated JWT tokens bound to this role items: description: JWTToken holds the issuedAt and expiresAt values of a token properties: exp: format: int64 type: integer iat: format: int64 type: integer id: type: string required: - iat type: object type: array name: description: Name is a name for this role type: string policies: description: Policies Stores a list of casbin formatted strings that define access policies for the role in the project items: type: string type: array required: - name type: object type: array signatureKeys: description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync items: description: SignatureKey is the specification of a key required to verify commit signatures with properties: keyID: description: The ID of the key in hexadecimal notation type: string required: - keyID type: object type: array sourceRepos: description: SourceRepos contains list of repository URLs which can be used for deployment items: type: string type: array syncWindows: description: SyncWindows controls when syncs can be run for apps in this project items: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: applications: description: Applications contains a list of applications that the window will apply to items: type: string type: array clusters: description: Clusters contains a list of clusters that the window will apply to items: type: string type: array duration: description: Duration is the amount of time the sync window will be open type: string kind: description: Kind defines if the window allows or blocks syncs type: string manualSync: description: ManualSync enables manual syncs when they would otherwise be blocked type: boolean namespaces: description: Namespaces contains a list of namespaces that the window will apply to items: type: string type: array schedule: description: Schedule is the time the window will begin, specified in cron format type: string type: object type: array type: object status: description: AppProjectStatus contains status information for AppProject CRs properties: jwtTokensByRole: additionalProperties: description: JWTTokens represents a list of JWT tokens properties: items: items: description: JWTToken holds the issuedAt and expiresAt values of a token properties: exp: format: int64 type: integer iat: format: int64 type: integer id: type: string required: - iat type: object type: array type: object description: JWTTokensByRole contains a list of JWT tokens issued for a given role type: object type: object required: - metadata - spec type: object served: true storage: true --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: application-controller app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: dex-server app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha-haproxy app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/component: application-controller app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller rules: - apiGroups: - "" resources: - secrets - configmaps verbs: - get - list - watch - apiGroups: - argoproj.io resources: - applications - appprojects verbs: - create - get - list - watch - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/component: dex-server app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server rules: - apiGroups: - "" resources: - secrets - configmaps verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha rules: - apiGroups: - "" resources: - endpoints verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app: redis-ha chart: redis-ha-4.12.15 component: argocd-redis-ha-haproxy heritage: Helm release: argocd name: argocd-redis-ha-haproxy rules: - apiGroups: - "" resources: - endpoints verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server rules: - apiGroups: - "" resources: - secrets - configmaps verbs: - create - get - list - watch - update - patch - delete - apiGroups: - argoproj.io resources: - applications - appprojects verbs: - create - get - list - watch - update - delete - patch - apiGroups: - "" resources: - events verbs: - create - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/component: application-controller app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller rules: - apiGroups: - '*' resources: - '*' verbs: - '*' - nonResourceURLs: - '*' verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server rules: - apiGroups: - '*' resources: - '*' verbs: - delete - get - patch - apiGroups: - "" resources: - events verbs: - list - apiGroups: - "" resources: - pods - pods/log verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/component: application-controller app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: argocd-application-controller subjects: - kind: ServiceAccount name: argocd-application-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/component: dex-server app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: argocd-dex-server subjects: - kind: ServiceAccount name: argocd-dex-server --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: argocd-redis-ha subjects: - kind: ServiceAccount name: argocd-redis-ha --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app: redis-ha chart: redis-ha-4.12.15 component: argocd-redis-ha-haproxy heritage: Helm release: argocd name: argocd-redis-ha-haproxy roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: argocd-redis-ha-haproxy subjects: - kind: ServiceAccount name: argocd-redis-ha-haproxy --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: argocd-server subjects: - kind: ServiceAccount name: argocd-server --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/component: application-controller app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: argocd-application-controller subjects: - kind: ServiceAccount name: argocd-application-controller namespace: argocd --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: argocd-server subjects: - kind: ServiceAccount name: argocd-server namespace: argocd --- apiVersion: v1 kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd name: argocd-cm --- apiVersion: v1 kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-cmd-params-cm app.kubernetes.io/part-of: argocd name: argocd-cmd-params-cm --- apiVersion: v1 kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-gpg-keys-cm app.kubernetes.io/part-of: argocd name: argocd-gpg-keys-cm --- apiVersion: v1 kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-rbac-cm app.kubernetes.io/part-of: argocd name: argocd-rbac-cm --- apiVersion: v1 data: haproxy.cfg: | defaults REDIS mode tcp timeout connect 4s timeout server 6m timeout client 6m timeout check 2s listen health_check_http_url bind :8888 mode http monitor-uri /healthz option dontlognull # Check Sentinel and whether they are nominated master backend check_if_redis_is_master_0 mode tcp option tcp-check tcp-check connect tcp-check send PING\r\n tcp-check expect string +PONG tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE0 tcp-check send QUIT\r\n tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s # Check Sentinel and whether they are nominated master backend check_if_redis_is_master_1 mode tcp option tcp-check tcp-check connect tcp-check send PING\r\n tcp-check expect string +PONG tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE1 tcp-check send QUIT\r\n tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s # Check Sentinel and whether they are nominated master backend check_if_redis_is_master_2 mode tcp option tcp-check tcp-check connect tcp-check send PING\r\n tcp-check expect string +PONG tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n tcp-check expect string REPLACE_ANNOUNCE2 tcp-check send QUIT\r\n tcp-check expect string +OK server R0 argocd-redis-ha-announce-0:26379 check inter 3s server R1 argocd-redis-ha-announce-1:26379 check inter 3s server R2 argocd-redis-ha-announce-2:26379 check inter 3s # decide redis backend to use #master frontend ft_redis_master bind *:6379 use_backend bk_redis_master # Check all redis servers to see if they think they are master backend bk_redis_master mode tcp option tcp-check tcp-check connect tcp-check send PING\r\n tcp-check expect string +PONG tcp-check send info\ replication\r\n tcp-check expect string role:master tcp-check send QUIT\r\n tcp-check expect string +OK use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 } server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1 use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 } server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise 1 use-server R2 if { srv_is_up(R2) } { nbsrv(check_if_redis_is_master_2) ge 2 } server R2 argocd-redis-ha-announce-2:6379 check inter 3s fall 1 rise 1 haproxy_init.sh: | HAPROXY_CONF=/data/haproxy.cfg cp /readonly/haproxy.cfg "$HAPROXY_CONF" for loop in $(seq 1 10); do getent hosts argocd-redis-ha-announce-0 && break echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1 done ANNOUNCE_IP0=$(getent hosts "argocd-redis-ha-announce-0" | awk '{ print $1 }') if [ -z "$ANNOUNCE_IP0" ]; then echo "Could not resolve the announce ip for argocd-redis-ha-announce-0" exit 1 fi sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF" if [ "${AUTH:-}" ]; then echo "Setting auth values" ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g'); sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF" fi for loop in $(seq 1 10); do getent hosts argocd-redis-ha-announce-1 && break echo "Waiting for service argocd-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1 done ANNOUNCE_IP1=$(getent hosts "argocd-redis-ha-announce-1" | awk '{ print $1 }') if [ -z "$ANNOUNCE_IP1" ]; then echo "Could not resolve the announce ip for argocd-redis-ha-announce-1" exit 1 fi sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF" if [ "${AUTH:-}" ]; then echo "Setting auth values" ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g'); sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF" fi for loop in $(seq 1 10); do getent hosts argocd-redis-ha-announce-2 && break echo "Waiting for service argocd-redis-ha-announce-2 to be ready ($loop) ..." && sleep 1 done ANNOUNCE_IP2=$(getent hosts "argocd-redis-ha-announce-2" | awk '{ print $1 }') if [ -z "$ANNOUNCE_IP2" ]; then echo "Could not resolve the announce ip for argocd-redis-ha-announce-2" exit 1 fi sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF" if [ "${AUTH:-}" ]; then echo "Setting auth values" ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g'); sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF" fi init.sh: | echo "$(date) Start..." HOSTNAME="$(hostname)" INDEX="${HOSTNAME##*-}" SENTINEL_PORT=26379 MASTER='' MASTER_GROUP="argocd" QUORUM="2" REDIS_CONF=/data/conf/redis.conf REDIS_PORT=6379 REDIS_TLS_PORT= SENTINEL_CONF=/data/conf/sentinel.conf SENTINEL_TLS_PORT= SERVICE=argocd-redis-ha SENTINEL_TLS_REPLICATION_ENABLED=false REDIS_TLS_REPLICATION_ENABLED=false set -eu sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' fi set -e } sentinel_get_master_retry() { master='' retry=${1} sleep=3 for i in $(seq 1 "${retry}"); do master=$(sentinel_get_master) if [ -n "${master}" ]; then break fi sleep $((sleep + i)) done echo "${master}" } identify_master() { echo "Identifying redis master (get-master-addr-by-name).." echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)" echo " $(date).." MASTER="$(sentinel_get_master_retry 3)" if [ -n "${MASTER}" ]; then echo " $(date) Found redis master (${MASTER})" else echo " $(date) Did not find redis master (${MASTER})" fi } sentinel_update() { echo "Updating sentinel config.." echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then echo " redis master (${1}:${REDIS_TLS_PORT})" sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" else echo " redis master (${1}:${REDIS_PORT})" sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" fi echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} if [ "$SENTINEL_PORT" -eq 0 ]; then echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} else echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} fi } redis_update() { echo "Updating redis config.." if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} else echo " we are slave of redis master (${1}:${REDIS_PORT})" echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} fi echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} } copy_config() { echo "Copying default redis config.." echo " to '${REDIS_CONF}'" cp /readonly-config/redis.conf "${REDIS_CONF}" echo "Copying default sentinel config.." echo " to '${SENTINEL_CONF}'" cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" } setup_defaults() { echo "Setting up defaults.." echo " using statefulset index (${INDEX})" if [ "${INDEX}" = "0" ]; then echo "Setting this pod as master for redis and sentinel.." echo " using announce (${ANNOUNCE_IP})" redis_update "${ANNOUNCE_IP}" sentinel_update "${ANNOUNCE_IP}" echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" else echo "Getting redis master ip.." echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" if [ -z "${DEFAULT_MASTER}" ]; then echo "Error: Unable to resolve redis master (getent hosts)." exit 1 fi echo "Setting default slave config for redis and sentinel.." echo " using master ip (${DEFAULT_MASTER})" redis_update "${DEFAULT_MASTER}" sentinel_update "${DEFAULT_MASTER}" fi } redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping fi set -e } redis_ping_retry() { ping='' retry=${1} sleep=3 for i in $(seq 1 "${retry}"); do if [ "$(redis_ping)" = "PONG" ]; then ping='PONG' break fi sleep $((sleep + i)) MASTER=$(sentinel_get_master) done echo "${ping}" } find_master() { echo "Verifying redis master.." if [ "$REDIS_PORT" -eq 0 ]; then echo " ping (${MASTER}:${REDIS_TLS_PORT})" else echo " ping (${MASTER}:${REDIS_PORT})" fi echo " $(date).." if [ "$(redis_ping_retry 3)" != "PONG" ]; then echo " $(date) Can't ping redis master (${MASTER})" echo "Attempting to force failover (sentinel failover).." if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" echo " $(date).." if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults return 0 fi else echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" echo " $(date).." if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults return 0 fi fi echo "Hold on for 10sec" sleep 10 echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." if [ "$SENTINEL_PORT" -eq 0 ]; then echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" else echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" fi echo " $(date).." MASTER="$(sentinel_get_master)" if [ "${MASTER}" ]; then echo " $(date) Found redis master (${MASTER})" echo "Updating redis and sentinel config.." sentinel_update "${MASTER}" redis_update "${MASTER}" else echo "$(date) Error: Could not failover, exiting..." exit 1 fi else echo " $(date) Found reachable redis master (${MASTER})" echo "Updating redis and sentinel config.." sentinel_update "${MASTER}" redis_update "${MASTER}" fi } redis_ro_update() { echo "Updating read-only redis config.." echo " redis.conf set 'replica-priority 0'" echo "replica-priority 0" >> ${REDIS_CONF} } getent_hosts() { index=${1:-${INDEX}} service="${SERVICE}-announce-${index}" pod="${SERVICE}-server-${index}" host=$(getent hosts "${service}") if [ -z "${host}" ]; then host=$(getent hosts "${pod}") fi echo "${host}" } mkdir -p /data/conf/ echo "Initializing config.." copy_config # where is redis master identify_master echo "Identify announce ip for this pod.." echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') echo " identified announce (${ANNOUNCE_IP})" if [ -z "${ANNOUNCE_IP}" ]; then "Error: Could not resolve the announce ip for this pod." exit 1 elif [ "${MASTER}" ]; then find_master else setup_defaults fi if [ "${AUTH:-}" ]; then echo "Setting redis auth values.." ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g'); sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}" fi if [ "${SENTINELAUTH:-}" ]; then echo "Setting sentinel auth values" ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g'); sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF" fi echo "$(date) Ready..." redis.conf: | dir "/data" port 6379 bind 0.0.0.0 maxmemory 0 maxmemory-policy volatile-lru min-replicas-max-lag 5 min-replicas-to-write 1 rdbchecksum yes rdbcompression yes repl-diskless-sync yes save "" sentinel.conf: | dir "/data" port 26379 bind 0.0.0.0 sentinel down-after-milliseconds argocd 10000 sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 kind: ConfigMap metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-configmap --- apiVersion: v1 data: redis_liveness.sh: | response=$( redis-cli \ -h localhost \ -p 6379 \ ping ) if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then echo "$response" exit 1 fi echo "response=$response" redis_readiness.sh: | response=$( redis-cli \ -h localhost \ -p 6379 \ ping ) if [ "$response" != "PONG" ] ; then echo "$response" exit 1 fi echo "response=$response" sentinel_liveness.sh: | response=$( redis-cli \ -h localhost \ -p 26379 \ ping ) if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi echo "response=$response" kind: ConfigMap metadata: labels: app: argocd-redis-ha chart: redis-ha-4.12.15 heritage: Helm release: argocd name: argocd-redis-ha-health-configmap --- apiVersion: v1 data: ssh_known_hosts: | bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-ssh-known-hosts-cm app.kubernetes.io/part-of: argocd name: argocd-ssh-known-hosts-cm --- apiVersion: v1 data: null kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-tls-certs-cm app.kubernetes.io/part-of: argocd name: argocd-tls-certs-cm --- apiVersion: v1 kind: Secret metadata: labels: app.kubernetes.io/name: argocd-secret app.kubernetes.io/part-of: argocd name: argocd-secret type: Opaque --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: dex-server app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server spec: ports: - name: http port: 5556 protocol: TCP targetPort: 5556 - name: grpc port: 5557 protocol: TCP targetPort: 5557 - name: metrics port: 5558 protocol: TCP targetPort: 5558 selector: app.kubernetes.io/name: argocd-dex-server --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: metrics app.kubernetes.io/name: argocd-metrics app.kubernetes.io/part-of: argocd name: argocd-metrics spec: ports: - name: metrics port: 8082 protocol: TCP targetPort: 8082 selector: app.kubernetes.io/name: argocd-application-controller --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha spec: clusterIP: None ports: - name: tcp-server port: 6379 protocol: TCP targetPort: redis - name: tcp-sentinel port: 26379 protocol: TCP targetPort: sentinel selector: app.kubernetes.io/name: argocd-redis-ha type: ClusterIP --- apiVersion: v1 kind: Service metadata: annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-announce-0 spec: ports: - name: tcp-server port: 6379 protocol: TCP targetPort: redis - name: tcp-sentinel port: 26379 protocol: TCP targetPort: sentinel publishNotReadyAddresses: true selector: app.kubernetes.io/name: argocd-redis-ha statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-0 type: ClusterIP --- apiVersion: v1 kind: Service metadata: annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-announce-1 spec: ports: - name: tcp-server port: 6379 protocol: TCP targetPort: redis - name: tcp-sentinel port: 26379 protocol: TCP targetPort: sentinel publishNotReadyAddresses: true selector: app.kubernetes.io/name: argocd-redis-ha statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-1 type: ClusterIP --- apiVersion: v1 kind: Service metadata: annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-announce-2 spec: ports: - name: tcp-server port: 6379 protocol: TCP targetPort: redis - name: tcp-sentinel port: 26379 protocol: TCP targetPort: sentinel publishNotReadyAddresses: true selector: app.kubernetes.io/name: argocd-redis-ha statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-2 type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha-haproxy app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy spec: ports: - name: tcp-haproxy port: 6379 protocol: TCP targetPort: redis selector: app.kubernetes.io/name: argocd-redis-ha-haproxy type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: repo-server app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd name: argocd-repo-server spec: ports: - name: server port: 8081 protocol: TCP targetPort: 8081 - name: metrics port: 8084 protocol: TCP targetPort: 8084 selector: app.kubernetes.io/name: argocd-repo-server --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server spec: ports: - name: http port: 80 protocol: TCP targetPort: 8080 - name: https port: 443 protocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: argocd-server --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server-metrics app.kubernetes.io/part-of: argocd name: argocd-server-metrics spec: ports: - name: metrics port: 8083 protocol: TCP targetPort: 8083 selector: app.kubernetes.io/name: argocd-server --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: dex-server app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server spec: selector: matchLabels: app.kubernetes.io/name: argocd-dex-server template: metadata: labels: app.kubernetes.io/name: argocd-dex-server spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/part-of: argocd topologyKey: kubernetes.io/hostname weight: 5 containers: - command: - /shared/argocd-dex - rundex image: ghcr.io/dexidp/dex:v2.27.0 imagePullPolicy: Always name: dex ports: - containerPort: 5556 - containerPort: 5557 - containerPort: 5558 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true volumeMounts: - mountPath: /shared name: static-files - mountPath: /tmp name: dexconfig initContainers: - command: - cp - -n - /usr/local/bin/argocd - /shared/argocd-dex image: quay.io/argoproj/argocd:v2.1.0 imagePullPolicy: Always name: copyutil volumeMounts: - mountPath: /shared name: static-files - mountPath: /tmp name: dexconfig serviceAccountName: argocd-dex-server volumes: - emptyDir: {} name: static-files - emptyDir: {} name: dexconfig --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha-haproxy app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy spec: replicas: 3 revisionHistoryLimit: 1 selector: matchLabels: app.kubernetes.io/name: argocd-redis-ha-haproxy strategy: type: RollingUpdate template: metadata: annotations: checksum/config: c55502ce732f78a70658dc77f00c02444cd6b6bede4b270f56d082fdaed1dc5f labels: app.kubernetes.io/name: argocd-redis-ha-haproxy name: argocd-redis-ha-haproxy spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - image: haproxy:2.0.22-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: httpGet: path: /healthz port: 8888 initialDelaySeconds: 5 periodSeconds: 3 name: haproxy ports: - containerPort: 6379 name: redis readinessProbe: httpGet: path: /healthz port: 8888 initialDelaySeconds: 5 periodSeconds: 3 volumeMounts: - mountPath: /usr/local/etc/haproxy name: data - mountPath: /run/haproxy name: shared-socket initContainers: - args: - /readonly/haproxy_init.sh command: - sh image: haproxy:2.0.22-alpine imagePullPolicy: IfNotPresent name: config-init volumeMounts: - mountPath: /readonly name: config-volume readOnly: true - mountPath: /data name: data securityContext: fsGroup: 1000 runAsNonRoot: true runAsUser: 1000 serviceAccountName: argocd-redis-ha-haproxy volumes: - configMap: name: argocd-redis-ha-configmap name: config-volume - emptyDir: {} name: shared-socket - emptyDir: {} name: data --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: repo-server app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd name: argocd-repo-server spec: replicas: 2 selector: matchLabels: app.kubernetes.io/name: argocd-repo-server template: metadata: labels: app.kubernetes.io/name: argocd-repo-server spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server topologyKey: failure-domain.beta.kubernetes.io/zone weight: 100 requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - command: - entrypoint.sh - argocd-repo-server - --redis - argocd-redis-ha-haproxy:6379 env: - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: key: timeout.reconciliation name: argocd-cm optional: true - name: ARGOCD_REPO_SERVER_LOGFORMAT valueFrom: configMapKeyRef: key: reposerver.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LOGLEVEL valueFrom: configMapKeyRef: key: reposerver.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: reposerver.disable.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MIN_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.minversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MAX_VERSION valueFrom: configMapKeyRef: key: reposerver.tls.maxversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_CIPHERS valueFrom: configMapKeyRef: key: reposerver.tls.ciphers name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.repo.cache.expiration name: argocd-cmd-params-cm optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: key: redis.server name: argocd-cmd-params-cm optional: true - name: REDISDB valueFrom: configMapKeyRef: key: redis.db name: argocd-cmd-params-cm optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: reposerver.default.cache.expiration name: argocd-cmd-params-cm optional: true image: quay.io/argoproj/argocd:v2.1.0 imagePullPolicy: Always livenessProbe: failureThreshold: 3 httpGet: path: /healthz?full=true port: 8084 initialDelaySeconds: 30 periodSeconds: 5 name: argocd-repo-server ports: - containerPort: 8081 - containerPort: 8084 readinessProbe: httpGet: path: /healthz port: 8084 initialDelaySeconds: 5 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - all readOnlyRootFilesystem: true runAsNonRoot: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls - mountPath: /tmp name: tmp volumes: - configMap: name: argocd-ssh-known-hosts-cm name: ssh-known-hosts - configMap: name: argocd-tls-certs-cm name: tls-certs - configMap: name: argocd-gpg-keys-cm name: gpg-keys - emptyDir: {} name: gpg-keyring - emptyDir: {} name: tmp - name: argocd-repo-server-tls secret: items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server spec: replicas: 2 selector: matchLabels: app.kubernetes.io/name: argocd-server template: metadata: labels: app.kubernetes.io/name: argocd-server spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-server topologyKey: failure-domain.beta.kubernetes.io/zone weight: 100 requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: argocd-server topologyKey: kubernetes.io/hostname containers: - command: - argocd-server - --redis - argocd-redis-ha-haproxy:6379 env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: key: server.insecure name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_BASEHREF valueFrom: configMapKeyRef: key: server.basehref name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_ROOTPATH valueFrom: configMapKeyRef: key: server.rootpath name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_LOGFORMAT valueFrom: configMapKeyRef: key: server.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_REPO_SERVER_LOGLEVEL valueFrom: configMapKeyRef: key: server.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER valueFrom: configMapKeyRef: key: repo.server name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_DEX_SERVER valueFrom: configMapKeyRef: key: server.dex.server name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_DISABLE_AUTH valueFrom: configMapKeyRef: key: server.disable.auth name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_ENABLE_GZIP valueFrom: configMapKeyRef: key: server.enable.gzip name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS valueFrom: configMapKeyRef: key: server.repo.server.timeout.seconds name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_X_FRAME_OPTIONS valueFrom: configMapKeyRef: key: server.x.frame.options name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: key: server.repo.server.plaintext name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS valueFrom: configMapKeyRef: key: server.repo.server.strict.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MIN_VERSION valueFrom: configMapKeyRef: key: server.tls.minversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_MAX_VERSION valueFrom: configMapKeyRef: key: server.tls.maxversion name: argocd-cmd-params-cm optional: true - name: ARGOCD_TLS_CIPHERS valueFrom: configMapKeyRef: key: server.tls.ciphers name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.connection.status.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.oidc.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION valueFrom: configMapKeyRef: key: server.login.attempts.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_APP_STATE_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.app.state.cache.expiration name: argocd-cmd-params-cm optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: key: redis.server name: argocd-cmd-params-cm optional: true - name: REDISDB valueFrom: configMapKeyRef: key: redis.db name: argocd-cmd-params-cm optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: server.default.cache.expiration name: argocd-cmd-params-cm optional: true image: quay.io/argoproj/argocd:v2.1.0 imagePullPolicy: Always livenessProbe: httpGet: path: /healthz?full=true port: 8080 initialDelaySeconds: 3 periodSeconds: 30 name: argocd-server ports: - containerPort: 8080 - containerPort: 8083 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 30 securityContext: allowPrivilegeEscalation: false capabilities: drop: - all readOnlyRootFilesystem: true runAsNonRoot: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/server/tls name: argocd-repo-server-tls - mountPath: /home/argocd name: plugins-home - mountPath: /tmp name: tmp serviceAccountName: argocd-server volumes: - emptyDir: {} name: plugins-home - emptyDir: {} name: tmp - emptyDir: {} name: static-files - configMap: name: argocd-ssh-known-hosts-cm name: ssh-known-hosts - configMap: name: argocd-tls-certs-cm name: tls-certs - name: argocd-repo-server-tls secret: items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: application-controller app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: argocd-application-controller serviceName: argocd-application-controller template: metadata: labels: app.kubernetes.io/name: argocd-application-controller spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-application-controller topologyKey: kubernetes.io/hostname weight: 100 - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/part-of: argocd topologyKey: kubernetes.io/hostname weight: 5 containers: - command: - argocd-application-controller - --status-processors - "20" - --operation-processors - "10" - --redis - argocd-redis-ha-haproxy:6379 env: - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: key: timeout.reconciliation name: argocd-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: key: repo.server name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS valueFrom: configMapKeyRef: key: controller.repo.server.timeout.seconds name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS valueFrom: configMapKeyRef: key: controller.status.processors name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS valueFrom: configMapKeyRef: key: controller.operation.processors name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT valueFrom: configMapKeyRef: key: controller.log.format name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL valueFrom: configMapKeyRef: key: controller.log.level name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: controller.metrics.cache.expiration name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS valueFrom: configMapKeyRef: key: controller.self.heal.timeout.seconds name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: key: controller.repo.server.plaintext name: argocd-cmd-params-cm optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS valueFrom: configMapKeyRef: key: controller.repo.server.strict.tls name: argocd-cmd-params-cm optional: true - name: ARGOCD_APP_STATE_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: controller.app.state.cache.expiration name: argocd-cmd-params-cm optional: true - name: REDIS_SERVER valueFrom: configMapKeyRef: key: redis.server name: argocd-cmd-params-cm optional: true - name: REDISDB valueFrom: configMapKeyRef: key: redis.db name: argocd-cmd-params-cm optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: key: controller.default.cache.expiration name: argocd-cmd-params-cm optional: true image: quay.io/argoproj/argocd:v2.1.0 imagePullPolicy: Always livenessProbe: httpGet: path: /healthz port: 8082 initialDelaySeconds: 5 periodSeconds: 10 name: argocd-application-controller ports: - containerPort: 8082 readinessProbe: httpGet: path: /healthz port: 8082 initialDelaySeconds: 5 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - all readOnlyRootFilesystem: true runAsNonRoot: true volumeMounts: - mountPath: /app/config/controller/tls name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home workingDir: /home/argocd serviceAccountName: argocd-application-controller volumes: - emptyDir: {} name: argocd-home - name: argocd-repo-server-tls secret: items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt optional: true secretName: argocd-repo-server-tls --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-server spec: podManagementPolicy: OrderedReady replicas: 3 selector: matchLabels: app.kubernetes.io/name: argocd-redis-ha serviceName: argocd-redis-ha template: metadata: annotations: checksum/init-config: 7128bfbb51eafaffe3c33b1b463e15f0cf6514cec570f9d9c4f2396f28c724ac labels: app.kubernetes.io/name: argocd-redis-ha spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: argocd-redis-ha topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - args: - /data/conf/redis.conf command: - redis-server image: redis:6.2.4-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: exec: command: - sh - -c - /health/redis_liveness.sh failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 15 successThreshold: 1 timeoutSeconds: 15 name: redis ports: - containerPort: 6379 name: redis readinessProbe: exec: command: - sh - -c - /health/redis_readiness.sh failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 15 successThreshold: 1 timeoutSeconds: 15 volumeMounts: - mountPath: /data name: data - mountPath: /health name: health - args: - /data/conf/sentinel.conf command: - redis-sentinel image: redis:6.2.4-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: exec: command: - sh - -c - /health/sentinel_liveness.sh failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 15 successThreshold: 1 timeoutSeconds: 15 name: sentinel ports: - containerPort: 26379 name: sentinel readinessProbe: exec: command: - sh - -c - /health/sentinel_liveness.sh failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 15 successThreshold: 3 timeoutSeconds: 15 volumeMounts: - mountPath: /data name: data - mountPath: /health name: health initContainers: - args: - /readonly-config/init.sh command: - sh env: - name: SENTINEL_ID_0 value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 - name: SENTINEL_ID_1 value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca image: redis:6.2.4-alpine imagePullPolicy: IfNotPresent name: config-init volumeMounts: - mountPath: /readonly-config name: config readOnly: true - mountPath: /data name: data securityContext: fsGroup: 1000 runAsNonRoot: true runAsUser: 1000 serviceAccountName: argocd-redis-ha terminationGracePeriodSeconds: 60 volumes: - configMap: name: argocd-redis-ha-configmap name: config - configMap: defaultMode: 493 name: argocd-redis-ha-health-configmap name: health - emptyDir: {} name: data updateStrategy: type: RollingUpdate --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-application-controller-network-policy spec: ingress: - from: - namespaceSelector: {} ports: - port: 8082 podSelector: matchLabels: app.kubernetes.io/name: argocd-application-controller policyTypes: - Ingress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-dex-server-network-policy spec: ingress: - from: - podSelector: matchLabels: app.kubernetes.io/name: argocd-server ports: - port: 5556 protocol: TCP - port: 5557 protocol: TCP - from: - namespaceSelector: {} ports: - port: 5558 protocol: TCP podSelector: matchLabels: app.kubernetes.io/name: argocd-dex-server policyTypes: - Ingress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: ingress: - from: - podSelector: matchLabels: app.kubernetes.io/name: argocd-server - podSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server - podSelector: matchLabels: app.kubernetes.io/name: argocd-application-controller - podSelector: matchLabels: app.kubernetes.io/name: argocd-redis-ha podSelector: matchLabels: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-redis-ha-server-network-policy spec: ingress: - from: - podSelector: matchLabels: app.kubernetes.io/name: argocd-redis-ha-haproxy - podSelector: matchLabels: app.kubernetes.io/name: argocd-redis-ha podSelector: matchLabels: app.kubernetes.io/name: argocd-redis-ha policyTypes: - Ingress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-repo-server-network-policy spec: ingress: - from: - podSelector: matchLabels: app.kubernetes.io/name: argocd-server - podSelector: matchLabels: app.kubernetes.io/name: argocd-application-controller - podSelector: matchLabels: app.kubernetes.io/name: argocd-notifications-controller ports: - port: 8081 protocol: TCP - from: - namespaceSelector: {} ports: - port: 8084 podSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server policyTypes: - Ingress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-server-network-policy spec: ingress: - {} podSelector: matchLabels: app.kubernetes.io/name: argocd-server policyTypes: - Ingress

Actual output

Error: accumulating resources: accumulating resources from 'https://github.com/argoproj/argo-cd/manifests/ha/cluster-install?ref=v2.1.0': HTTP Error: status code 404 (Not Found)

Kustomize version Kustomize v4.5.1 for this issue, it also occurs on v4.5.0.

Platform Linux (automated build system), macOS for local reproduction.

Additional context

natasha41575 commented 2 years ago

/triage accepted /kind regression

Hopefully this will be fixed by https://github.com/kubernetes-sigs/kustomize/pull/4453

natasha41575 commented 2 years ago

FYI @KnVerey another regression, we think it was caused by https://github.com/kubernetes-sigs/kustomize/pull/4334

sylr commented 2 years ago

@dlowrey Immediate workaround is to prefix your resources with git:::

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- git::https://github.com/argoproj/argo-cd/manifests/ha/cluster-install?ref=v2.1.0
natasha41575 commented 2 years ago

This is fixed by https://github.com/kubernetes-sigs/kustomize/pull/4453 and will be released shortly.