apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/name: argocd-commit-server app.kubernetes.io/part-of: argocd app.kubernetes.io/component: commit-server name: argocd-commit-server spec: selector: matchLabels: app.kubernetes.io/name: argocd-commit-server template: metadata: labels: app.kubernetes.io/name: argocd-commit-server spec: serviceAccountName: argocd-commit-server automountServiceAccountToken: false containers: - name: argocd-commit-server image: quay.io/argoproj/argocd:latest imagePullPolicy: Always args: - /usr/local/bin/argocd-commit-server env: - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: commitserver.listen.address optional: true - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: commitserver.metrics.listen.address optional: true - name: ARGOCD_COMMIT_SERVER_LOGFORMAT valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: commitserver.log.format optional: true - name: ARGOCD_COMMIT_SERVER_LOGLEVEL valueFrom: configMapKeyRef: name: argocd-cmd-params-cm key: commitserver.log.level optional: true ports: - containerPort: 8086 - containerPort: 8087 livenessProbe: httpGet: path: /healthz?full=true port: 8087 initialDelaySeconds: 30 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 readinessProbe: httpGet: path: /healthz port: 8087 initialDelaySeconds: 5 periodSeconds: 10 securityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - name: ssh-known-hosts mountPath: /app/config/ssh - name: tls-certs mountPath: /app/config/tls - name: gpg-keys mountPath: /app/config/gpg/source - name: gpg-keyring mountPath: /app/config/gpg/keys # We need a writeable temp directory for the askpass socket file. - name: tmp mountPath: /tmp initContainers: - command: - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server image: quay.io/argoproj/argocd:latest name: copyutil securityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /var/run/argocd name: var-files volumes: - name: ssh-known-hosts configMap: name: argocd-ssh-known-hosts-cm - name: tls-certs configMap: name: argocd-tls-certs-cm - name: gpg-keys configMap: name: argocd-gpg-keys-cm - name: gpg-keyring emptyDir: {} - name: tmp emptyDir: {} - name: argocd-commit-server-tls secret: secretName: argocd-commit-server-tls optional: true items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key - key: ca.crt path: ca.crt - emptyDir: {} name: var-files affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: argocd-commit-server topologyKey: kubernetes.io/hostname - weight: 5 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/part-of: argocd topologyKey: kubernetes.io/hostname