mirror of
https://github.com/argoproj/argo-cd
synced 2026-04-21 17:07:16 +00:00
11df9900ff
* feat(opentelemetry): ✨ support for secured OTLP endpoint and headers Signed-off-by: Prashant Shahi <me@prashantshahi.dev> * docs(opentelemetry): 📝 include new otlp headers in docs Signed-off-by: Prashant Shahi <me@prashantshahi.dev> * docs(opentelemetry): 📝 update readme docs as per integration tests Signed-off-by: Prashant Shahi <me@prashantshahi.dev> * docs(opentelemetry): 📝 update readme docs as per integration tests Signed-off-by: Prashant Shahi <me@prashantshahi.dev> * chore: resolve indentation issues Signed-off-by: Prashant Shahi <me@prashantshahi.dev> * chore: fix indentation issues Signed-off-by: Prashant Shahi <me@prashantshahi.dev> * chore: include OTLP options in deployment manifests Signed-off-by: Prashant Shahi <me@prashantshahi.dev> * fix: update manifests to resolve failing CI Signed-off-by: Prashant Shahi <me@prashantshahi.dev> --------- Signed-off-by: Prashant Shahi <me@prashantshahi.dev>
337 lines
11 KiB
YAML
337 lines
11 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: argocd-server
|
|
app.kubernetes.io/part-of: argocd
|
|
app.kubernetes.io/component: server
|
|
name: argocd-server
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: argocd-server
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: argocd-server
|
|
spec:
|
|
serviceAccountName: argocd-server
|
|
containers:
|
|
- name: argocd-server
|
|
image: quay.io/argoproj/argocd:latest
|
|
imagePullPolicy: Always
|
|
args:
|
|
- /usr/local/bin/argocd-server
|
|
env:
|
|
- name: ARGOCD_SERVER_INSECURE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.insecure
|
|
optional: true
|
|
- name: ARGOCD_SERVER_BASEHREF
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.basehref
|
|
optional: true
|
|
- name: ARGOCD_SERVER_ROOTPATH
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.rootpath
|
|
optional: true
|
|
- name: ARGOCD_SERVER_LOGFORMAT
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.log.format
|
|
optional: true
|
|
- name: ARGOCD_SERVER_LOG_LEVEL
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.log.level
|
|
optional: true
|
|
- name: ARGOCD_SERVER_REPO_SERVER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: repo.server
|
|
optional: true
|
|
- name: ARGOCD_SERVER_DEX_SERVER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.dex.server
|
|
optional: true
|
|
- name: ARGOCD_SERVER_DISABLE_AUTH
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.disable.auth
|
|
optional: true
|
|
- name: ARGOCD_SERVER_ENABLE_GZIP
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.enable.gzip
|
|
optional: true
|
|
- name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.repo.server.timeout.seconds
|
|
optional: true
|
|
- name: ARGOCD_SERVER_X_FRAME_OPTIONS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.x.frame.options
|
|
optional: true
|
|
- name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.content.security.policy
|
|
optional: true
|
|
- name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.repo.server.plaintext
|
|
optional: true
|
|
- name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.repo.server.strict.tls
|
|
optional: true
|
|
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.dex.server.plaintext
|
|
optional: true
|
|
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.dex.server.strict.tls
|
|
optional: true
|
|
- name: ARGOCD_TLS_MIN_VERSION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.tls.minversion
|
|
optional: true
|
|
- name: ARGOCD_TLS_MAX_VERSION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.tls.maxversion
|
|
optional: true
|
|
- name: ARGOCD_TLS_CIPHERS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.tls.ciphers
|
|
optional: true
|
|
- name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.connection.status.cache.expiration
|
|
optional: true
|
|
- name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.oidc.cache.expiration
|
|
optional: true
|
|
- name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.login.attempts.expiration
|
|
optional: true
|
|
- name: ARGOCD_SERVER_STATIC_ASSETS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.staticassets
|
|
optional: true
|
|
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.app.state.cache.expiration
|
|
optional: true
|
|
- name: REDIS_SERVER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: redis.server
|
|
optional: true
|
|
- name: REDIS_COMPRESSION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: redis.compression
|
|
optional: true
|
|
- name: REDISDB
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: redis.db
|
|
optional: true
|
|
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.default.cache.expiration
|
|
optional: true
|
|
- name: ARGOCD_MAX_COOKIE_NUMBER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.http.cookie.maxnumber
|
|
optional: true
|
|
- name: ARGOCD_SERVER_LISTEN_ADDRESS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.listen.address
|
|
optional: true
|
|
- name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.metrics.listen.address
|
|
optional: true
|
|
- name: ARGOCD_SERVER_OTLP_ADDRESS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: otlp.address
|
|
optional: true
|
|
- name: ARGOCD_SERVER_OTLP_INSECURE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: otlp.insecure
|
|
optional: true
|
|
- name: ARGOCD_SERVER_OTLP_HEADERS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: otlp.headers
|
|
optional: true
|
|
- name: ARGOCD_APPLICATION_NAMESPACES
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: application.namespaces
|
|
optional: true
|
|
- name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.enable.proxy.extension
|
|
optional: true
|
|
- name: ARGOCD_K8SCLIENT_RETRY_MAX
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.k8sclient.retry.max
|
|
optional: true
|
|
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: server.k8sclient.retry.base.backoff
|
|
optional: true
|
|
volumeMounts:
|
|
- name: ssh-known-hosts
|
|
mountPath: /app/config/ssh
|
|
- name: tls-certs
|
|
mountPath: /app/config/tls
|
|
- name: argocd-repo-server-tls
|
|
mountPath: /app/config/server/tls
|
|
- name: argocd-dex-server-tls
|
|
mountPath: /app/config/dex/tls
|
|
- mountPath: /home/argocd
|
|
name: plugins-home
|
|
- mountPath: /tmp
|
|
name: tmp
|
|
ports:
|
|
- containerPort: 8080
|
|
- containerPort: 8083
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz?full=true
|
|
port: 8080
|
|
initialDelaySeconds: 3
|
|
periodSeconds: 30
|
|
timeoutSeconds: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8080
|
|
initialDelaySeconds: 3
|
|
periodSeconds: 30
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: plugins-home
|
|
- emptyDir: {}
|
|
name: tmp
|
|
- name: ssh-known-hosts
|
|
configMap:
|
|
name: argocd-ssh-known-hosts-cm
|
|
- name: tls-certs
|
|
configMap:
|
|
name: argocd-tls-certs-cm
|
|
- name: argocd-repo-server-tls
|
|
secret:
|
|
secretName: argocd-repo-server-tls
|
|
optional: true
|
|
items:
|
|
- key: tls.crt
|
|
path: tls.crt
|
|
- key: tls.key
|
|
path: tls.key
|
|
- key: ca.crt
|
|
path: ca.crt
|
|
- name: argocd-dex-server-tls
|
|
secret:
|
|
secretName: argocd-dex-server-tls
|
|
optional: true
|
|
items:
|
|
- key: tls.crt
|
|
path: tls.crt
|
|
- key: ca.crt
|
|
path: ca.crt
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: argocd-server
|
|
topologyKey: kubernetes.io/hostname
|
|
- weight: 5
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/part-of: argocd
|
|
topologyKey: kubernetes.io/hostname
|