argo-cd/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: argocd-applicationset-controller
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/component: applicationset-controller
  name: argocd-applicationset-controller
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-applicationset-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
        - args:
            - /usr/local/bin/argocd-applicationset-controller
          image: quay.io/argoproj/argocd:latest
          imagePullPolicy: Always
          name: argocd-applicationset-controller
          ports:
            - containerPort: 7000
              name: webhook
            - containerPort: 8080
              name: metrics
          env:
            - name: GRPC_ENABLE_TXT_SERVICE_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.grpc.enable.txt.service.config
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.global.preserved.annotations
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.global.preserved.labels
                  name: argocd-cmd-params-cm
                  optional: true
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.leader.election
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
              valueFrom:
                configMapKeyRef:
                  key: repo.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.policy
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.policy.override
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.debug
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.log.format
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.log.level
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_LOG_FORMAT_TIMESTAMP
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: log.format.timestamp
                  optional: true
            - name: ARGOCD_K8S_CLIENT_QPS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.k8s.client.qps
                  optional: true
            - name: ARGOCD_K8S_CLIENT_BURST
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.k8s.client.burst
                  optional: true
            - name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.k8s.client.max.idle.connections
                  optional: true
            - name: ARGOCD_K8S_TCP_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.k8s.tcp.timeout
                  optional: true
            - name: ARGOCD_K8S_TCP_KEEPALIVE
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.k8s.tcp.keepalive
                  optional: true
            - name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.k8s.tls.handshake.timeout
                  optional: true
            - name: ARGOCD_K8S_TCP_IDLE_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.k8s.tcp.idle.timeout
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.dryrun
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_GIT_MODULES_ENABLED
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.git.submodule
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.progressive.syncs
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.tokenref.strict.mode
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.new.git.file.globbing
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.repo.server.plaintext
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.repo.server.strict.tls
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.repo.server.timeout.seconds
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.concurrent.reconciliations.max
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.namespaces
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.scm.root.ca.path
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.allowed.scm.providers
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.enable.scm.providers
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.enable.github.api.metrics
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.webhook.parallelism.limit
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.requeue.after
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_MAX_RESOURCES_STATUS_COUNT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.status.max.resources.count
                  optional: true
          volumeMounts:
            - mountPath: /app/config/ssh
              name: ssh-known-hosts
            - mountPath: /app/config/tls
              name: tls-certs
            - mountPath: /app/config/gpg/source
              name: gpg-keys
            - mountPath: /app/config/gpg/keys
              name: gpg-keyring
            - mountPath: /tmp
              name: tmp
            - name: argocd-repo-server-tls
              mountPath: /app/config/reposerver/tls
            - name: argocd-cmd-params-cm
              mountPath: /home/argocd/params
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
      serviceAccountName: argocd-applicationset-controller
      volumes:
        - configMap:
            name: argocd-ssh-known-hosts-cm
          name: ssh-known-hosts
        - configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        - configMap:
            name: argocd-gpg-keys-cm
          name: gpg-keys
        - emptyDir: { }
          name: gpg-keyring
        - emptyDir: { }
          name: tmp
        - name: argocd-repo-server-tls
          secret:
            secretName: argocd-repo-server-tls
            optional: true
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
              - key: ca.crt
                path: ca.crt
        - name: argocd-cmd-params-cm
          configMap:
            optional: true
            name: argocd-cmd-params-cm
            items:
              - key: applicationsetcontroller.profile.enabled
                path: profiler.enabled
      nodeSelector:
        kubernetes.io/os: linux