├── LICENSE ├── OWNERS ├── README.md └── argocd ├── README.md ├── argocd.yaml ├── builds ├── base │ ├── build.yaml │ └── kustomization.yaml └── overlays │ ├── pre │ ├── build.yaml │ └── kustomization.yaml │ └── pro │ ├── build.yaml │ └── kustomization.yaml ├── console └── console.yaml ├── grafana-operator └── grafana-operator.yaml ├── identity-providers ├── htpass-secret.yaml └── oauth-htpasswd.yaml ├── image └── image.yaml ├── machine-sets └── machinesets.yaml └── scheduler └── scheduler-config.yaml /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - abutcher 3 | - csrwng 4 | - dgoodwin 5 | - joelddiaz 6 | - twiest 7 | - staebler 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OpenShift GitOps Examples 2 | 3 | In this guide we will provide examples for managing OpenShift 4 cluster configurations with GitOps. 
4 | 5 | * [ArgoCD Examples](./argocd/README.md) 6 | -------------------------------------------------------------------------------- /argocd/README.md: -------------------------------------------------------------------------------- 1 | # ArgoCD GitOps Examples 2 | 3 | 4 | 5 | - [What is ArgoCD](#What-is-ArgoCD) 6 | - [Prerequisites](#Prerequisites) 7 | - [Installing ArgoCD on Openshift 4](#Installing-ArgoCD-on-OpenShift-4) 8 | - [Configuring OpenShift 4](#Configuring-OpenShift-4) 9 | - [General Guidelines](#General-Guidelines) 10 | - [Examples](#Examples) 11 | - [Identity Provider](#Identity-Provider) 12 | - [Builds](#Builds) 13 | - [Registries](#Registries) 14 | - [Console](#Console) 15 | - [Scheduler Policy](#Scheduler-Policy) 16 | - [Machine Sets](#Machine-Sets) 17 | - [Operator Hub Operator](#Operator-Hub-Operator) 18 | - [Multi-cluster Management](#Multi-cluster-Management) 19 | - [Deploy Configuration to Multiple Clusters](#Deploy-Configuration-to-Multiple-Clusters) 20 | - [Customizing Configuration By Cluster](#Customizing-Configuration-By-Cluster) 21 | 22 | 23 | 24 | # What is ArgoCD 25 | 26 | ArgoCD is a declarative continuous delivery tool that leverages GitOps to maintain cluster resources. ArgoCD is implemented as a controller which is continuously monitoring application definitions and configurations defined in a Git repository and compares the desired state of those configurations with their live state on the cluster. Configurations which deviate from their desired state in the Git repository are classified as `OutOfSync`. ArgoCD reports these differences and allows administrators to automatically or manually resync configurations to the desired state. 
27 | 28 | # Prerequisites 29 | 30 | The examples contained in this section require, 31 | 32 | * the [oc](https://access.redhat.com/downloads/content/290) OpenShift client command-line tool 33 | * a [kubeconfig](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) file for an existing OpenShift cluster (default location is `~/.kube/config`) 34 | * the [argocd](https://github.com/argoproj/argo-cd/releases/latest) command-line tool 35 | 36 | ## Installing ArgoCD on OpenShift 4 37 | 38 | These manual steps will hopefully be replaced by an ArgoCD operator on OperatorHub in the near future. 39 | 40 | ```bash 41 | oc new-project argocd 42 | oc apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml 43 | oc create route passthrough --service=argocd-server 44 | 45 | # but this does not seem to work for console logins... 46 | #oc apply -n argocd -f argocd.yaml 47 | #oc create route edge --service=argocd-server 48 | 49 | # Get the argoCD 'admin' password: 50 | ARGO_ADMIN_PASS=`kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2` 51 | 52 | # Login: 53 | ARGO_ROUTE=`oc get route argocd-server -n argocd -o jsonpath='{.spec.host}'` 54 | argocd login $ARGO_ROUTE:443 --username admin --password $ARGO_ADMIN_PASS --insecure 55 | 56 | # Change the ArgoCD password: 57 | argocd account update-password 58 | ``` 59 | 60 | NOTE: ArgoCD does not have any local users other than the built-in `admin` user. By default, only the `admin` user may interact with ArgoCD and its apps. Additional users can manage ArgoCD via SSO if configured. See the [ArgoCD Operator Manual](https://argoproj.github.io/argo-cd/operator-manual/sso/). The initial `admin` password used above is just the name of the `argocd-server` pod, and `--insecure` makes the CLI skip verification of the server's TLS certificate, so change the password right after the first login (the last command above) and drop `--insecure` once the route serves a certificate your client trusts. 61 | 62 | # Configuring OpenShift 4 63 | 64 | ## General Guidelines 65 | 66 | 1. ArgoCD "Applications" (despite the name) can be used to deliver global custom resources such as those which configure OpenShift v4 clusters. 67 | 1.
When creating an application you will be required to provide a namespace. In the case of an application delivering global custom resources this doesn't make a lot of sense, but you can provide the name of any namespace to get past this issue. 68 | 1. By default Argo will look to prune resources, should you ever delete your application that delivered them. In the case of OpenShift v4 global configuration custom resources, these often are blocked from being deleted, which can cause Argo to become stuck. If however in your configuration git repository you add the `argocd.argoproj.io/sync-options: Prune=false` annotation to your custom resources, this problem can be avoided. If you do run into this problem, you will need to manually "kubectl edit" the Argo Application and remove the finalizer which blocks until resources are pruned. 69 | 70 | ## Examples 71 | 72 | The following section demonstrates the use of ArgoCD to deliver some of the available [OpenShift v4 Cluster Customizations](https://docs.openshift.com/container-platform/4.1/installing/install_config/customizations.html). 73 | 74 | ### Identity Provider 75 | 76 | The [identity-providers](./identity-providers) directory contains an example for deploying an HTPasswd OAuth provider, and the associated secret. Deploying this as an ArgoCD application should allow you to log in to your cluster as *user1 / MyPassword!*. Because this password is published in the repository, replace the secret with one you generated yourself before deploying the example to any cluster other people can reach. For information on how this secret was created, see the [OpenShift 4 Documentation](https://docs.openshift.com/container-platform/4.1/authentication/identity_providers/configuring-htpasswd-identity-provider.html#configuring-htpasswd-identity-provider).
77 | 78 | ```bash 79 | argocd app create htpasswd-oauth --repo https://github.com/openshift/openshift-gitops-examples.git --path=argocd/identity-providers --dest-server=https://kubernetes.default.svc --dest-namespace=openshift-config 80 | argocd app sync htpasswd-oauth 81 | ``` 82 | 83 | This example includes both a global OAuth config resource, and a namespaced secret. 84 | 85 | WARNING: The openshift-oauth operator copies your specified secrets to the openshift-authentication namespace, including their labels. One of these labels is added by ArgoCD to indicate the secret is owned by the htpasswd-oauth application. When the secret is copied, ArgoCD sees the copy as a resource that carries this app's ownership label but that it doesn't know about, and therefore as one that should be pruned. You can disable pruning with the normal annotation but will still see this secret as out of sync in the UI. 86 | 87 | ### Builds 88 | 89 | The [builds](./builds) directory contains an example global Build configuration. 90 | 91 | ```bash 92 | argocd app create builds-config --repo https://github.com/openshift/openshift-gitops-examples.git --path=argocd/builds/base --dest-server=https://kubernetes.default.svc --dest-namespace=openshift-config 93 | argocd app sync builds-config 94 | ``` 95 | 96 | ### Registries 97 | 98 | The [image](./image) directory contains an example global Image configuration which sets `allowedRegistriesForImport`, limiting the container image registries from which normal users may import images to only include `quay.io`. 99 | 100 | ```bash 101 | argocd app create image-config --repo https://github.com/openshift/openshift-gitops-examples.git --path=argocd/image --dest-server=https://kubernetes.default.svc --dest-namespace=openshift-config 102 | argocd app sync image-config 103 | ``` 104 | 105 | ### Console 106 | 107 | The [console](./console) directory contains a simple configuration for the OpenShift console which simply changes the logout behavior to redirect to Google.
108 | 109 | ```bash 110 | argocd app create console-config --repo https://github.com/openshift/openshift-gitops-examples.git --path=argocd/console --dest-server=https://kubernetes.default.svc --dest-namespace=openshift-config 111 | argocd app sync console-config 112 | ``` 113 | 114 | TODO: The --dest-namespace here is odd as this example contains only a global resource. 115 | 116 | 117 | ### Scheduler Policy 118 | 119 | The [scheduler](./scheduler) directory contains an example scheduler policy configmap which can be deployed to override the default scheduler policy. For information regarding scheduler predicates, see the [OpenShift 4 Documentation](https://docs.openshift.com/container-platform/4.1/nodes/scheduling/nodes-scheduler-default.html#nodes-scheduler-default-predicates_nodes-scheduler-default). 120 | 121 | ```bash 122 | argocd app create scheduler-policy --repo https://github.com/openshift/openshift-gitops-examples.git --path=argocd/scheduler --dest-server=https://kubernetes.default.svc --dest-namespace=openshift-config 123 | argocd app sync scheduler-policy 124 | ``` 125 | 126 | ### Machine Sets 127 | 128 | The [machine-sets](./machine-sets) directory contains an example `MachineSet` being deployed as an application via ArgoCD: 129 | 130 | ```bash 131 | argocd app create machineset --repo https://github.com/openshift/openshift-gitops-examples.git --path=argocd/machine-sets --dest-server=https://kubernetes.default.svc --dest-namespace=openshift-machine-api 132 | argocd app sync machineset 133 | ``` 134 | 135 | However there is a problem here, if you [view the yaml](./machine-sets/machinesets.yaml) you will see the cluster's generated InfraID referenced multiple times. This value is generated by the OpenShift installer and used in the naming of many cloud objects. Committing cluster config will be problematic as this value is not known before install, and not consistent across clusters. 
136 | 137 | A standard OpenShift 4 cluster with 3 compute nodes in us-east-1 comes with 6 MachineSets, one per AZ (in my account), with only three of them scaled to 1 replicas. Each MachineSet references the generated InfraID roughly 9 times: 138 | 139 | - MachineSet Name 140 | - Selector 141 | - IAM Instance Profile 142 | - Security Group Name 143 | - Subnet 144 | - AWS Tags 145 | 146 | TODO: Should we recommend against using MachineSets with gitops and Argo? Or is there a templating solution we should explore? In this case the value we want to template is a fact about the individual cluster it's being deployed to. 147 | 148 | ### Operator Hub Operator 149 | 150 | Deploy an operator from [Operator Hub](https://operatorhub.io/) by creating `OperatorGroup` and `Subscription` objects. In this example we will deploy the [grafana operator](https://operatorhub.io/operator/grafana-operator). 151 | 152 | ``` 153 | argocd app create grafana-operator --repo https://github.com/openshift/openshift-gitops-examples.git --path=argocd/grafana-operator --dest-server=https://kubernetes.default.svc --dest-namespace=default 154 | argocd app sync grafana-operator 155 | ``` 156 | 157 | 158 | # Multi-cluster Management 159 | 160 | In this example we will manage the build configuration of two OpenShift 4.x clusters, a pre-production (context: `pre`) cluster and a production (context: `pro`) cluster. 161 | 162 | The example build configuration we will deploy contains customizations to be made per cluster environment. 
163 | 164 | ## Deploy Configuration to Multiple Clusters 165 | 166 | Ensure we have access to both clusters via kubeconfig context, 167 | 168 | ```bash 169 | $ oc --context pre get nodes 170 | NAME STATUS ROLES AGE VERSION 171 | ip-10-0-133-97.ec2.internal Ready master 5h v1.14.6+7e13ab9a7 172 | ip-10-0-136-91.ec2.internal Ready worker 5h v1.14.6+7e13ab9a7 173 | ip-10-0-144-237.ec2.internal Ready worker 5h v1.14.6+7e13ab9a7 174 | ip-10-0-147-216.ec2.internal Ready master 5h v1.14.6+7e13ab9a7 175 | ip-10-0-165-161.ec2.internal Ready master 5h v1.14.6+7e13ab9a7 176 | ip-10-0-169-135.ec2.internal Ready worker 5h v1.14.6+7e13ab9a7 177 | ``` 178 | 179 | ```bash 180 | $ oc --context pro get nodes 181 | NAME STATUS ROLES AGE VERSION 182 | ip-10-0-133-100.ec2.internal Ready master 5h v1.14.6+7e13ab9a7 183 | ip-10-0-138-244.ec2.internal Ready worker 5h v1.14.6+7e13ab9a7 184 | ip-10-0-146-118.ec2.internal Ready master 5h v1.14.6+7e13ab9a7 185 | ip-10-0-151-40.ec2.internal Ready worker 5h v1.14.6+7e13ab9a7 186 | ip-10-0-165-83.ec2.internal Ready worker 5h v1.14.6+7e13ab9a7 187 | ip-10-0-175-20.ec2.internal Ready master 5h v1.14.6+7e13ab9a7 188 | ``` 189 | 190 | NOTE: Setting up multiple contexts with separate kubeconfigs can be achieved by [merging kubeconfigs](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/). 191 | 192 | In order to merge several kubeconfigs, ensure that each kubeconfig you wish to merge is configured with a user unique to the particular kubeconfig. For example, if each kubeconfig you wish to merge contains an `admin` user then that user would need to be changed to something unique to the cluster identified by the kubeconfig such as `admin1`. Simply update the user string in the kubeconfig. 193 | 194 | For this example, we will have two kubeconfig files `cluster1.kubeconfig` and `cluster2.kubeconfig` that will be merged into `merged-config.kubeconfig`. 
195 | 196 | ```bash 197 | export KUBECONFIG="merged-config.kubeconfig:cluster1.kubeconfig:cluster2.kubeconfig" 198 | 199 | $ oc config get-contexts 200 | CURRENT NAME CLUSTER AUTHINFO NAMESPACE 201 | admin1 cluster1 admin1 202 | admin2 cluster2 admin2 203 | 204 | $ oc config set-context pre --cluster=cluster1 --user=admin1 205 | Context "pre" created. 206 | 207 | $ oc config set-context pro --cluster=cluster2 --user=admin2 208 | Context "pro" created. 209 | ``` 210 | 211 | Next, ensure that each cluster has been registered with ArgoCD. Clusters are added to ArgoCD by specifying the context, 212 | 213 | ```bash 214 | $ argocd cluster add 215 | ERRO[0000] Choose a context name from: 216 | CURRENT NAME CLUSTER SERVER 217 | admin1 cluster1 https://api.cluster1.new-installer.openshift.com:6443 218 | admin2 cluster2 https://api.cluster2.new-installer.openshift.com:6443 219 | * pre cluster1 https://api.cluster1.new-installer.openshift.com:6443 220 | pro cluster2 https://api.cluster2.new-installer.openshift.com:6443 221 | 222 | $ argocd cluster add pre 223 | INFO[0000] ServiceAccount "argocd-manager" created in namespace "kube-system" 224 | INFO[0000] ClusterRole "argocd-manager-role" created 225 | INFO[0000] ClusterRoleBinding "argocd-manager-role-binding" created, bound "argocd-manager" to "argocd-manager-role" 226 | Cluster 'pre' added 227 | 228 | $ argocd cluster add pro 229 | INFO[0000] ServiceAccount "argocd-manager" created in namespace "kube-system" 230 | INFO[0000] ClusterRole "argocd-manager-role" created 231 | INFO[0000] ClusterRoleBinding "argocd-manager-role-binding" created, bound "argocd-manager" to "argocd-manager-role" 232 | Cluster 'pro' added 233 | 234 | $ argocd cluster list 235 | SERVER NAME STATUS MESSAGE 236 | https://kubernetes.default.svc Successful 237 | https://api.cluster2.new-installer.openshift.com:6443 pro Successful 238 | https://api.cluster1.new-installer.openshift.com:6443 pre Successful 239 | ``` 240 | 241 | Add our build configuration 
repository to ArgoCD. The build configuration repository has a `pre` and `pro` kustomize overlay which will override the build `imageLabels` by cluster but we will start by deploying the base build configuration. 242 | 243 | ```bash 244 | $ argocd repo add https://github.com/openshift/openshift-gitops-examples.git 245 | ``` 246 | 247 | Deploy custom OpenShift build configuration to pre-production and production clusters, 248 | 249 | ```bash 250 | $ argocd app create --project default \ 251 | --name pre-builds \ 252 | --repo https://github.com/openshift/openshift-gitops-examples.git \ 253 | --path argocd/builds/base \ 254 | --dest-server https://api.cluster1.new-installer.openshift.com:6443 \ 255 | --dest-namespace=openshift-config \ 256 | --revision master 257 | 258 | $ argocd app create --project default \ 259 | --name pro-builds \ 260 | --repo https://github.com/openshift/openshift-gitops-examples.git \ 261 | --path argocd/builds/base \ 262 | --dest-server https://api.cluster2.new-installer.openshift.com:6443 \ 263 | --dest-namespace=openshift-config \ 264 | --revision master 265 | ``` 266 | 267 | Sync configuration to both clusters as we have not defined an ArgoCD sync policy for the apps and must sync configurations manually. 
268 | 269 | ```bash 270 | $ argocd app sync pre-builds 271 | $ argocd app sync pro-builds 272 | ``` 273 | 274 | Ensure both configurations have been successfully synced, 275 | 276 | ```bash 277 | $ argocd app list 278 | NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH 279 | pre-builds https://api.cluster1.new-installer.openshift.com:6443 openshift-config default Synced Healthy 280 | pro-builds https://api.cluster2.new-installer.openshift.com:6443 openshift-config default Synced Healthy 281 | ``` 282 | 283 | Grab the modified build configuration from each cluster and ensure that it has been updated, 284 | 285 | ```bash 286 | $ oc --context pre get build.config.openshift.io/cluster -o yaml -n openshift-config 287 | 288 | $ oc --context pro get build.config.openshift.io/cluster -o yaml -n openshift-config 289 | ``` 290 | 291 | ## Customizing Configuration By Cluster 292 | 293 | In this example, we will modify our build configuration based on which cluster we are deploying to. ArgoCD leverages [kustomize](https://kustomize.io/) to manage configuration overrides across environments. In the `pre` and `pro` [overlay directories](https://github.com/dgoodwin/openshift4-gitops/tree/master/builds/overlays) of our git repository there are `kustomization` files which include patches to apply to the base configuration. For each cluster we will specify its directory under `overlays`, which contains that cluster's kustomization, as the application path instead of the `base` builds configuration directory.
294 | 295 | Deploy kustomized build configuration to pre-production and production clusters, 296 | 297 | ```bash 298 | $ argocd app create --project default \ 299 | --name pre-kustomize-builds \ 300 | --repo https://github.com/openshift/openshift-gitops-examples.git \ 301 | --path argocd/builds/overlays/pre \ 302 | --dest-server https://api.cluster1.new-installer.openshift.com:6443 \ 303 | --dest-namespace openshift-config \ 304 | --revision master \ 305 | --sync-policy automated 306 | 307 | $ argocd app create --project default \ 308 | --name pro-kustomize-builds \ 309 | --repo https://github.com/openshift/openshift-gitops-examples.git \ 310 | --path argocd/builds/overlays/pro \ 311 | --dest-server https://api.cluster2.new-installer.openshift.com:6443 \ 312 | --dest-namespace openshift-config \ 313 | --revision master \ 314 | --sync-policy automated 315 | ``` 316 | 317 | Ensure that configuration applications have been synced successfully, 318 | 319 | ```bash 320 | $ argocd app get pre-kustomize-builds 321 | Name: pre-kustomize-builds 322 | Project: default 323 | Server: https://api.cluster1.new-installer.openshift.com:6443 324 | Namespace: openshift-config 325 | URL: https://argocd-server-argocd.apps.cluster1.new-installer.openshift.com/applications/pre-kustomize-builds 326 | Repo: https://github.com/openshift/openshift-gitops-examples.git 327 | Target: pre 328 | Path: argocd/builds/overlays/pre 329 | Sync Policy: Automated 330 | Sync Status: Synced to master (884a6db) 331 | Health Status: Healthy 332 | 333 | GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE 334 | config.openshift.io Build openshift-config cluster Running Synced build.config.openshift.io/cluster configured 335 | config.openshift.io Build cluster Synced Unknown 336 | ``` 337 | 338 | ```bash 339 | $ argocd app get pro-kustomize-builds 340 | Name: pro-kustomize-builds 341 | Project: default 342 | Server: https://api.cluster2.new-installer.openshift.com:6443 343 | Namespace: openshift-config 344 | 
URL: https://argocd-server-argocd.apps.cluster2.new-installer.openshift.com/applications/pro-kustomize-builds 345 | Repo: https://github.com/openshift/openshift-gitops-examples.git 346 | Target: pro 347 | Path: argocd/builds/overlays/pro 348 | Sync Policy: Automated 349 | Sync Status: Synced to master (884a6db) 350 | Health Status: Healthy 351 | 352 | GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE 353 | config.openshift.io Build openshift-config cluster Running Synced build.config.openshift.io/cluster unchanged 354 | config.openshift.io Build cluster Synced Unknown 355 | ``` 356 | 357 | Grab the `imageLabels` which have been modified per environment using kustomize, 358 | 359 | ```bash 360 | $ oc --context pre get build.config.openshift.io/cluster -n openshift-config -o jsonpath='{.spec.buildDefaults.imageLabels}' 361 | [map[value:true name:preprodbuild]] 362 | 363 | $ oc --context pro get build.config.openshift.io/cluster -n openshift-config -o jsonpath='{.spec.buildDefaults.imageLabels}' 364 | [map[value:true name:prodbuild]] 365 | ``` 366 | -------------------------------------------------------------------------------- /argocd/argocd.yaml: -------------------------------------------------------------------------------- 1 | # This is an auto-generated file. DO NOT EDIT 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: applications.argoproj.io 7 | app.kubernetes.io/part-of: argocd 8 | name: applications.argoproj.io 9 | spec: 10 | group: argoproj.io 11 | names: 12 | kind: Application 13 | plural: applications 14 | shortNames: 15 | - app 16 | - apps 17 | scope: Namespaced 18 | validation: 19 | openAPIV3Schema: 20 | description: Application is a definition of Application resource. 21 | properties: 22 | apiVersion: 23 | description: 'APIVersion defines the versioned schema of this representation 24 | of an object. 
Servers should convert recognized schemas to the latest 25 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 26 | type: string 27 | kind: 28 | description: 'Kind is a string value representing the REST resource this 29 | object represents. Servers may infer this from the endpoint the client 30 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 31 | type: string 32 | metadata: 33 | properties: 34 | annotations: 35 | additionalProperties: 36 | type: string 37 | description: 'Annotations is an unstructured key value map stored with 38 | a resource that may be set by external tools to store and retrieve 39 | arbitrary metadata. They are not queryable and should be preserved 40 | when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' 41 | type: object 42 | clusterName: 43 | description: The name of the cluster which the object belongs to. This 44 | is used to distinguish resources with same name and namespace in different 45 | clusters. This field is not set anywhere right now and apiserver is 46 | going to ignore it if set in create or update request. 47 | type: string 48 | deletionGracePeriodSeconds: 49 | description: Number of seconds allowed for this object to gracefully 50 | terminate before it will be removed from the system. Only set when 51 | deletionTimestamp is also set. May only be shortened. Read-only. 52 | format: int64 53 | type: integer 54 | deletionTimestamp: 55 | description: "DeletionTimestamp is RFC 3339 date and time at which this 56 | resource will be deleted. This field is set by the server when a graceful 57 | deletion is requested by the user, and is not directly settable by 58 | a client. 
The resource is expected to be deleted (no longer visible 59 | from resource lists, and not reachable by name) after the time in 60 | this field, once the finalizers list is empty. As long as the finalizers 61 | list contains items, deletion is blocked. Once the deletionTimestamp 62 | is set, this value may not be unset or be set further into the future, 63 | although it may be shortened or the resource may be deleted prior 64 | to this time. For example, a user may request that a pod is deleted 65 | in 30 seconds. The Kubelet will react by sending a graceful termination 66 | signal to the containers in the pod. After that 30 seconds, the Kubelet 67 | will send a hard termination signal (SIGKILL) to the container and 68 | after cleanup, remove the pod from the API. In the presence of network 69 | partitions, this object may still exist after this timestamp, until 70 | an administrator or automated process can determine the resource is 71 | fully terminated. If not set, graceful deletion of the object has 72 | not been requested. \n Populated by the system when a graceful deletion 73 | is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" 74 | format: date-time 75 | type: string 76 | finalizers: 77 | description: Must be empty before the object is deleted from the registry. 78 | Each entry is an identifier for the responsible component that will 79 | remove the entry from the list. If the deletionTimestamp of the object 80 | is non-nil, entries in this list can only be removed. 81 | items: 82 | type: string 83 | type: array 84 | generateName: 85 | description: "GenerateName is an optional prefix, used by the server, 86 | to generate a unique name ONLY IF the Name field has not been provided. 87 | If this field is used, the name returned to the client will be different 88 | than the name passed. This value will also be combined with a unique 89 | suffix. 
The provided value has the same validation rules as the Name 90 | field, and may be truncated by the length of the suffix required to 91 | make the value unique on the server. \n If this field is specified 92 | and the generated name exists, the server will NOT return a 409 - 93 | instead, it will either return 201 Created or 500 with Reason ServerTimeout 94 | indicating a unique name could not be found in the time allotted, 95 | and the client should retry (optionally after the time indicated in 96 | the Retry-After header). \n Applied only if Name is not specified. 97 | More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency" 98 | type: string 99 | generation: 100 | description: A sequence number representing a specific generation of 101 | the desired state. Populated by the system. Read-only. 102 | format: int64 103 | type: integer 104 | initializers: 105 | description: "An initializer is a controller which enforces some system 106 | invariant at object creation time. This field is a list of initializers 107 | that have not yet acted on this object. If nil or empty, this object 108 | has been completely initialized. Otherwise, the object is considered 109 | uninitialized and is hidden (in list/watch and get calls) from clients 110 | that haven't explicitly asked to observe uninitialized objects. \n 111 | When an object is created, the system will populate this list with 112 | the current set of initializers. Only privileged users may set or 113 | modify this list. Once it is empty, it may not be modified further 114 | by any user. \n DEPRECATED - initializers are an alpha field and will 115 | be removed in v1.15." 116 | properties: 117 | pending: 118 | description: Pending is a list of initializers that must execute 119 | in order before this object is visible. 
When the last pending 120 | initializer is removed, and no failing result is set, the initializers 121 | struct will be set to nil and the object is considered as initialized 122 | and visible to all clients. 123 | items: 124 | properties: 125 | name: 126 | description: name of the process that is responsible for initializing 127 | this object. 128 | type: string 129 | required: 130 | - name 131 | type: object 132 | type: array 133 | result: 134 | description: If result is set with the Failure field, the object 135 | will be persisted to storage and then deleted, ensuring that other 136 | clients can observe the deletion. 137 | properties: 138 | apiVersion: 139 | description: 'APIVersion defines the versioned schema of this 140 | representation of an object. Servers should convert recognized 141 | schemas to the latest internal value, and may reject unrecognized 142 | values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 143 | type: string 144 | code: 145 | description: Suggested HTTP return code for this status, 0 if 146 | not set. 147 | format: int32 148 | type: integer 149 | details: 150 | description: Extended data associated with the reason. Each 151 | reason may define its own extended details. This field is 152 | optional and the data returned is not guaranteed to conform 153 | to any schema except that defined by the reason type. 154 | properties: 155 | causes: 156 | description: The Causes array includes more details associated 157 | with the StatusReason failure. Not all StatusReasons may 158 | provide detailed causes. 159 | items: 160 | properties: 161 | field: 162 | description: "The field of the resource that has caused 163 | this error, as named by its JSON serialization. 164 | May include dot and postfix notation for nested 165 | attributes. Arrays are zero-indexed. Fields may 166 | appear more than once in an array of causes due 167 | to fields having multiple errors. Optional. 
\n Examples: 168 | \ \"name\" - the field \"name\" on the current 169 | resource \"items[0].name\" - the field \"name\" 170 | on the first array entry in \"items\"" 171 | type: string 172 | message: 173 | description: A human-readable description of the cause 174 | of the error. This field may be presented as-is 175 | to a reader. 176 | type: string 177 | reason: 178 | description: A machine-readable description of the 179 | cause of the error. If this value is empty there 180 | is no information available. 181 | type: string 182 | type: object 183 | type: array 184 | group: 185 | description: The group attribute of the resource associated 186 | with the status StatusReason. 187 | type: string 188 | kind: 189 | description: 'The kind attribute of the resource associated 190 | with the status StatusReason. On some operations may differ 191 | from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 192 | type: string 193 | name: 194 | description: The name attribute of the resource associated 195 | with the status StatusReason (when there is a single name 196 | which can be described). 197 | type: string 198 | retryAfterSeconds: 199 | description: If specified, the time in seconds before the 200 | operation should be retried. Some errors may indicate 201 | the client must take an alternate action - for those errors 202 | this field may indicate how long to wait before taking 203 | the alternate action. 204 | format: int32 205 | type: integer 206 | uid: 207 | description: 'UID of the resource. (when there is a single 208 | resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' 209 | type: string 210 | type: object 211 | kind: 212 | description: 'Kind is a string value representing the REST resource 213 | this object represents. Servers may infer this from the endpoint 214 | the client submits requests to. Cannot be updated. In CamelCase. 
215 | More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 216 | type: string 217 | message: 218 | description: A human-readable description of the status of this 219 | operation. 220 | type: string 221 | metadata: 222 | description: 'Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 223 | properties: 224 | continue: 225 | description: continue may be set if the user set a limit 226 | on the number of items returned, and indicates that the 227 | server has more data available. The value is opaque and 228 | may be used to issue another request to the endpoint that 229 | served this list to retrieve the next set of available 230 | objects. Continuing a consistent list may not be possible 231 | if the server configuration has changed or more than a 232 | few minutes have passed. The resourceVersion field returned 233 | when using this continue value will be identical to the 234 | value in the first response, unless you have received 235 | this token from an error message. 236 | type: string 237 | resourceVersion: 238 | description: 'String that identifies the server''s internal 239 | version of this object that can be used by clients to 240 | determine when objects have changed. Value must be treated 241 | as opaque by clients and passed unmodified back to the 242 | server. Populated by the system. Read-only. More info: 243 | https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' 244 | type: string 245 | selfLink: 246 | description: selfLink is a URL representing this object. 247 | Populated by the system. Read-only. 248 | type: string 249 | type: object 250 | reason: 251 | description: A machine-readable description of why this operation 252 | is in the "Failure" status. If this value is empty there is 253 | no information available. A Reason clarifies an HTTP status 254 | code but does not override it. 
255 | type: string 256 | status: 257 | description: 'Status of the operation. One of: "Success" or 258 | "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' 259 | type: string 260 | type: object 261 | required: 262 | - pending 263 | type: object 264 | labels: 265 | additionalProperties: 266 | type: string 267 | description: 'Map of string keys and values that can be used to organize 268 | and categorize (scope and select) objects. May match selectors of 269 | replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' 270 | type: object 271 | managedFields: 272 | description: "ManagedFields maps workflow-id and version to the set 273 | of fields that are managed by that workflow. This is mostly for internal 274 | housekeeping, and users typically shouldn't need to set or understand 275 | this field. A workflow can be the user's name, a controller's name, 276 | or the name of a specific apply path like \"ci-cd\". The set of fields 277 | is always in the version that the workflow used when modifying the 278 | object. \n This field is alpha and can be changed or removed without 279 | notice." 280 | items: 281 | properties: 282 | apiVersion: 283 | description: APIVersion defines the version of this resource that 284 | this field set applies to. The format is "group/version" just 285 | like the top-level APIVersion field. It is necessary to track 286 | the version of a field set because it cannot be automatically 287 | converted. 288 | type: string 289 | fields: 290 | additionalProperties: true 291 | description: Fields identifies a set of fields. 292 | type: object 293 | manager: 294 | description: Manager is an identifier of the workflow managing 295 | these fields. 296 | type: string 297 | operation: 298 | description: Operation is the type of operation which lead to 299 | this ManagedFieldsEntry being created. The only valid values 300 | for this field are 'Apply' and 'Update'. 
301 | type: string 302 | time: 303 | description: Time is timestamp of when these fields were set. 304 | It should always be empty if Operation is 'Apply' 305 | format: date-time 306 | type: string 307 | type: object 308 | type: array 309 | name: 310 | description: 'Name must be unique within a namespace. Is required when 311 | creating resources, although some resources may allow a client to 312 | request the generation of an appropriate name automatically. Name 313 | is primarily intended for creation idempotence and configuration definition. 314 | Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 315 | type: string 316 | namespace: 317 | description: "Namespace defines the space within each name must be unique. 318 | An empty namespace is equivalent to the \"default\" namespace, but 319 | \"default\" is the canonical representation. Not all objects are required 320 | to be scoped to a namespace - the value of this field for those objects 321 | will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: 322 | http://kubernetes.io/docs/user-guide/namespaces" 323 | type: string 324 | ownerReferences: 325 | description: List of objects depended by this object. If ALL objects 326 | in the list have been deleted, this object will be garbage collected. 327 | If this object is managed by a controller, then an entry in this list 328 | will point to this controller, with the controller field set to true. 329 | There cannot be more than one managing controller. 330 | items: 331 | properties: 332 | apiVersion: 333 | description: API version of the referent. 334 | type: string 335 | blockOwnerDeletion: 336 | description: If true, AND if the owner has the "foregroundDeletion" 337 | finalizer, then the owner cannot be deleted from the key-value 338 | store until this reference is removed. Defaults to false. 
To 339 | set this field, a user needs "delete" permission of the owner, 340 | otherwise 422 (Unprocessable Entity) will be returned. 341 | type: boolean 342 | controller: 343 | description: If true, this reference points to the managing controller. 344 | type: boolean 345 | kind: 346 | description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 347 | type: string 348 | name: 349 | description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 350 | type: string 351 | uid: 352 | description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' 353 | type: string 354 | required: 355 | - apiVersion 356 | - kind 357 | - name 358 | - uid 359 | type: object 360 | type: array 361 | resourceVersion: 362 | description: "An opaque value that represents the internal version of 363 | this object that can be used by clients to determine when objects 364 | have changed. May be used for optimistic concurrency, change detection, 365 | and the watch operation on a resource or set of resources. Clients 366 | must treat these values as opaque and passed unmodified back to the 367 | server. They may only be valid for a particular resource or set of 368 | resources. \n Populated by the system. Read-only. Value must be treated 369 | as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency" 370 | type: string 371 | selfLink: 372 | description: SelfLink is a URL representing this object. Populated by 373 | the system. Read-only. 374 | type: string 375 | uid: 376 | description: "UID is the unique in time and space value for this object. 377 | It is typically generated by the server on successful creation of 378 | a resource and is not allowed to change on PUT operations. \n Populated 379 | by the system. Read-only. 
More info: http://kubernetes.io/docs/user-guide/identifiers#uids" 380 | type: string 381 | type: object 382 | operation: 383 | properties: 384 | sync: 385 | properties: 386 | dryRun: 387 | description: DryRun will perform a `kubectl apply --dry-run` without 388 | actually performing the sync 389 | type: boolean 390 | manifests: 391 | description: Manifests is an optional field that overrides sync 392 | source with a local directory for development 393 | items: 394 | type: string 395 | type: array 396 | prune: 397 | description: Prune deletes resources that are no longer tracked 398 | in git 399 | type: boolean 400 | resources: 401 | description: Resources describes which resources to sync 402 | items: 403 | properties: 404 | group: 405 | type: string 406 | kind: 407 | type: string 408 | name: 409 | type: string 410 | required: 411 | - kind 412 | - name 413 | type: object 414 | type: array 415 | revision: 416 | description: Revision is the git revision in which to sync the application 417 | to. If omitted, will use the revision specified in app spec. 418 | type: string 419 | source: 420 | description: Source overrides the source definition set in the application. 
421 | This is typically set in a Rollback operation and nil during a 422 | Sync operation 423 | properties: 424 | directory: 425 | description: Directory holds path/directory specific options 426 | properties: 427 | jsonnet: 428 | properties: 429 | extVars: 430 | description: ExtVars is a list of Jsonnet External Variables 431 | items: 432 | properties: 433 | code: 434 | type: boolean 435 | name: 436 | type: string 437 | value: 438 | type: string 439 | required: 440 | - name 441 | - value 442 | type: object 443 | type: array 444 | tlas: 445 | description: TLAS is a list of Jsonnet Top-level Arguments 446 | items: 447 | properties: 448 | code: 449 | type: boolean 450 | name: 451 | type: string 452 | value: 453 | type: string 454 | required: 455 | - name 456 | - value 457 | type: object 458 | type: array 459 | type: object 460 | recurse: 461 | type: boolean 462 | type: object 463 | helm: 464 | description: Helm holds helm specific options 465 | properties: 466 | parameters: 467 | description: Parameters are parameters to the helm template 468 | items: 469 | properties: 470 | forceString: 471 | description: ForceString determines whether to tell 472 | Helm to interpret booleans and numbers as strings 473 | type: boolean 474 | name: 475 | description: Name is the name of the helm parameter 476 | type: string 477 | value: 478 | description: Value is the value for the helm parameter 479 | type: string 480 | type: object 481 | type: array 482 | releaseName: 483 | description: The Helm release name. 
If omitted it will use 484 | the application name 485 | type: string 486 | valueFiles: 487 | description: ValuesFiles is a list of Helm value files to 488 | use when generating a template 489 | items: 490 | type: string 491 | type: array 492 | type: object 493 | ksonnet: 494 | description: Ksonnet holds ksonnet specific options 495 | properties: 496 | environment: 497 | description: Environment is a ksonnet application environment 498 | name 499 | type: string 500 | parameters: 501 | description: Parameters are a list of ksonnet component 502 | parameter override values 503 | items: 504 | properties: 505 | component: 506 | type: string 507 | name: 508 | type: string 509 | value: 510 | type: string 511 | required: 512 | - name 513 | - value 514 | type: object 515 | type: array 516 | type: object 517 | kustomize: 518 | description: Kustomize holds kustomize specific options 519 | properties: 520 | commonLabels: 521 | additionalProperties: 522 | type: string 523 | description: CommonLabels adds additional kustomize commonLabels 524 | type: object 525 | images: 526 | description: Images are kustomize image overrides 527 | items: 528 | type: string 529 | type: array 530 | namePrefix: 531 | description: NamePrefix is a prefix appended to resources 532 | for kustomize apps 533 | type: string 534 | type: object 535 | path: 536 | description: Path is a directory path within the repository 537 | containing a 538 | type: string 539 | plugin: 540 | description: ConfigManagementPlugin holds config management 541 | plugin specific options 542 | properties: 543 | env: 544 | items: 545 | properties: 546 | name: 547 | description: the name, usually uppercase 548 | type: string 549 | value: 550 | description: the value 551 | type: string 552 | required: 553 | - name 554 | - value 555 | type: object 556 | type: array 557 | name: 558 | type: string 559 | type: object 560 | repoURL: 561 | description: RepoURL is the git repository URL of the application 562 | manifests 563 | type: 
string 564 | targetRevision: 565 | description: TargetRevision defines the commit, tag, or branch 566 | in which to sync the application to. If omitted, will sync 567 | to HEAD 568 | type: string 569 | required: 570 | - repoURL 571 | - path 572 | type: object 573 | syncStrategy: 574 | description: SyncStrategy describes how to perform the sync 575 | properties: 576 | apply: 577 | description: Apply wil perform a `kubectl apply` to perform 578 | the sync. 579 | properties: 580 | force: 581 | description: Force indicates whether or not to supply the 582 | --force flag to `kubectl apply`. The --force flag deletes 583 | and re-create the resource, when PATCH encounters conflict 584 | and has retried for 5 times. 585 | type: boolean 586 | type: object 587 | hook: 588 | description: Hook will submit any referenced resources to perform 589 | the sync. This is the default strategy 590 | properties: 591 | force: 592 | description: Force indicates whether or not to supply the 593 | --force flag to `kubectl apply`. The --force flag deletes 594 | and re-create the resource, when PATCH encounters conflict 595 | and has retried for 5 times. 
596 | type: boolean 597 | type: object 598 | type: object 599 | type: object 600 | type: object 601 | spec: 602 | properties: 603 | destination: 604 | description: Destination overrides the kubernetes server and namespace 605 | defined in the environment ksonnet app.yaml 606 | properties: 607 | namespace: 608 | description: Namespace overrides the environment namespace value 609 | in the ksonnet app.yaml 610 | type: string 611 | server: 612 | description: Server overrides the environment server value in the 613 | ksonnet app.yaml 614 | type: string 615 | type: object 616 | ignoreDifferences: 617 | description: IgnoreDifferences controls resources fields which should 618 | be ignored during comparison 619 | items: 620 | properties: 621 | group: 622 | type: string 623 | jsonPointers: 624 | items: 625 | type: string 626 | type: array 627 | kind: 628 | type: string 629 | name: 630 | type: string 631 | namespace: 632 | type: string 633 | required: 634 | - group 635 | - kind 636 | - jsonPointers 637 | type: object 638 | type: array 639 | info: 640 | description: Infos contains a list of useful information (URLs, email 641 | addresses, and plain text) that relates to the application 642 | items: 643 | properties: 644 | name: 645 | type: string 646 | value: 647 | type: string 648 | required: 649 | - name 650 | - value 651 | type: object 652 | type: array 653 | project: 654 | description: Project is a application project name. Empty name means 655 | that application belongs to 'default' project. 
656 | type: string 657 | source: 658 | description: Source is a reference to the location ksonnet application 659 | definition 660 | properties: 661 | directory: 662 | description: Directory holds path/directory specific options 663 | properties: 664 | jsonnet: 665 | properties: 666 | extVars: 667 | description: ExtVars is a list of Jsonnet External Variables 668 | items: 669 | properties: 670 | code: 671 | type: boolean 672 | name: 673 | type: string 674 | value: 675 | type: string 676 | required: 677 | - name 678 | - value 679 | type: object 680 | type: array 681 | tlas: 682 | description: TLAS is a list of Jsonnet Top-level Arguments 683 | items: 684 | properties: 685 | code: 686 | type: boolean 687 | name: 688 | type: string 689 | value: 690 | type: string 691 | required: 692 | - name 693 | - value 694 | type: object 695 | type: array 696 | type: object 697 | recurse: 698 | type: boolean 699 | type: object 700 | helm: 701 | description: Helm holds helm specific options 702 | properties: 703 | parameters: 704 | description: Parameters are parameters to the helm template 705 | items: 706 | properties: 707 | forceString: 708 | description: ForceString determines whether to tell Helm 709 | to interpret booleans and numbers as strings 710 | type: boolean 711 | name: 712 | description: Name is the name of the helm parameter 713 | type: string 714 | value: 715 | description: Value is the value for the helm parameter 716 | type: string 717 | type: object 718 | type: array 719 | releaseName: 720 | description: The Helm release name. 
If omitted it will use the 721 | application name 722 | type: string 723 | valueFiles: 724 | description: ValuesFiles is a list of Helm value files to use 725 | when generating a template 726 | items: 727 | type: string 728 | type: array 729 | type: object 730 | ksonnet: 731 | description: Ksonnet holds ksonnet specific options 732 | properties: 733 | environment: 734 | description: Environment is a ksonnet application environment 735 | name 736 | type: string 737 | parameters: 738 | description: Parameters are a list of ksonnet component parameter 739 | override values 740 | items: 741 | properties: 742 | component: 743 | type: string 744 | name: 745 | type: string 746 | value: 747 | type: string 748 | required: 749 | - name 750 | - value 751 | type: object 752 | type: array 753 | type: object 754 | kustomize: 755 | description: Kustomize holds kustomize specific options 756 | properties: 757 | commonLabels: 758 | additionalProperties: 759 | type: string 760 | description: CommonLabels adds additional kustomize commonLabels 761 | type: object 762 | images: 763 | description: Images are kustomize image overrides 764 | items: 765 | type: string 766 | type: array 767 | namePrefix: 768 | description: NamePrefix is a prefix appended to resources for 769 | kustomize apps 770 | type: string 771 | type: object 772 | path: 773 | description: Path is a directory path within the repository containing 774 | a 775 | type: string 776 | plugin: 777 | description: ConfigManagementPlugin holds config management plugin 778 | specific options 779 | properties: 780 | env: 781 | items: 782 | properties: 783 | name: 784 | description: the name, usually uppercase 785 | type: string 786 | value: 787 | description: the value 788 | type: string 789 | required: 790 | - name 791 | - value 792 | type: object 793 | type: array 794 | name: 795 | type: string 796 | type: object 797 | repoURL: 798 | description: RepoURL is the git repository URL of the application 799 | manifests 800 | type: 
string 801 | targetRevision: 802 | description: TargetRevision defines the commit, tag, or branch in 803 | which to sync the application to. If omitted, will sync to HEAD 804 | type: string 805 | required: 806 | - repoURL 807 | - path 808 | type: object 809 | syncPolicy: 810 | description: SyncPolicy controls when a sync will be performed 811 | properties: 812 | automated: 813 | description: Automated will keep an application synced to the target 814 | revision 815 | properties: 816 | prune: 817 | description: 'Prune will prune resources automatically as part 818 | of automated sync (default: false)' 819 | type: boolean 820 | selfHeal: 821 | description: 'SelfHeal enables auto-syncing if (default: false)' 822 | type: boolean 823 | type: object 824 | type: object 825 | required: 826 | - source 827 | - destination 828 | - project 829 | type: object 830 | status: 831 | properties: 832 | conditions: 833 | items: 834 | properties: 835 | message: 836 | description: Message contains human-readable message indicating 837 | details about condition 838 | type: string 839 | type: 840 | description: Type is an application condition type 841 | type: string 842 | required: 843 | - type 844 | - message 845 | type: object 846 | type: array 847 | health: 848 | properties: 849 | message: 850 | type: string 851 | status: 852 | type: string 853 | type: object 854 | history: 855 | items: 856 | properties: 857 | deployedAt: 858 | format: date-time 859 | type: string 860 | id: 861 | format: int64 862 | type: integer 863 | revision: 864 | type: string 865 | source: 866 | properties: 867 | directory: 868 | description: Directory holds path/directory specific options 869 | properties: 870 | jsonnet: 871 | properties: 872 | extVars: 873 | description: ExtVars is a list of Jsonnet External 874 | Variables 875 | items: 876 | properties: 877 | code: 878 | type: boolean 879 | name: 880 | type: string 881 | value: 882 | type: string 883 | required: 884 | - name 885 | - value 886 | type: object 
887 | type: array 888 | tlas: 889 | description: TLAS is a list of Jsonnet Top-level Arguments 890 | items: 891 | properties: 892 | code: 893 | type: boolean 894 | name: 895 | type: string 896 | value: 897 | type: string 898 | required: 899 | - name 900 | - value 901 | type: object 902 | type: array 903 | type: object 904 | recurse: 905 | type: boolean 906 | type: object 907 | helm: 908 | description: Helm holds helm specific options 909 | properties: 910 | parameters: 911 | description: Parameters are parameters to the helm template 912 | items: 913 | properties: 914 | forceString: 915 | description: ForceString determines whether to tell 916 | Helm to interpret booleans and numbers as strings 917 | type: boolean 918 | name: 919 | description: Name is the name of the helm parameter 920 | type: string 921 | value: 922 | description: Value is the value for the helm parameter 923 | type: string 924 | type: object 925 | type: array 926 | releaseName: 927 | description: The Helm release name. 
If omitted it will 928 | use the application name 929 | type: string 930 | valueFiles: 931 | description: ValuesFiles is a list of Helm value files 932 | to use when generating a template 933 | items: 934 | type: string 935 | type: array 936 | type: object 937 | ksonnet: 938 | description: Ksonnet holds ksonnet specific options 939 | properties: 940 | environment: 941 | description: Environment is a ksonnet application environment 942 | name 943 | type: string 944 | parameters: 945 | description: Parameters are a list of ksonnet component 946 | parameter override values 947 | items: 948 | properties: 949 | component: 950 | type: string 951 | name: 952 | type: string 953 | value: 954 | type: string 955 | required: 956 | - name 957 | - value 958 | type: object 959 | type: array 960 | type: object 961 | kustomize: 962 | description: Kustomize holds kustomize specific options 963 | properties: 964 | commonLabels: 965 | additionalProperties: 966 | type: string 967 | description: CommonLabels adds additional kustomize commonLabels 968 | type: object 969 | images: 970 | description: Images are kustomize image overrides 971 | items: 972 | type: string 973 | type: array 974 | namePrefix: 975 | description: NamePrefix is a prefix appended to resources 976 | for kustomize apps 977 | type: string 978 | type: object 979 | path: 980 | description: Path is a directory path within the repository 981 | containing a 982 | type: string 983 | plugin: 984 | description: ConfigManagementPlugin holds config management 985 | plugin specific options 986 | properties: 987 | env: 988 | items: 989 | properties: 990 | name: 991 | description: the name, usually uppercase 992 | type: string 993 | value: 994 | description: the value 995 | type: string 996 | required: 997 | - name 998 | - value 999 | type: object 1000 | type: array 1001 | name: 1002 | type: string 1003 | type: object 1004 | repoURL: 1005 | description: RepoURL is the git repository URL of the application 1006 | manifests 1007 | 
type: string 1008 | targetRevision: 1009 | description: TargetRevision defines the commit, tag, or branch 1010 | in which to sync the application to. If omitted, will sync 1011 | to HEAD 1012 | type: string 1013 | required: 1014 | - repoURL 1015 | - path 1016 | type: object 1017 | required: 1018 | - revision 1019 | - deployedAt 1020 | - id 1021 | type: object 1022 | type: array 1023 | observedAt: 1024 | format: date-time 1025 | type: string 1026 | operationState: 1027 | properties: 1028 | finishedAt: 1029 | description: FinishedAt contains time of operation completion 1030 | format: date-time 1031 | type: string 1032 | message: 1033 | description: Message hold any pertinent messages when attempting 1034 | to perform operation (typically errors). 1035 | type: string 1036 | operation: 1037 | description: Operation is the original requested operation 1038 | properties: 1039 | sync: 1040 | properties: 1041 | dryRun: 1042 | description: DryRun will perform a `kubectl apply --dry-run` 1043 | without actually performing the sync 1044 | type: boolean 1045 | manifests: 1046 | description: Manifests is an optional field that overrides 1047 | sync source with a local directory for development 1048 | items: 1049 | type: string 1050 | type: array 1051 | prune: 1052 | description: Prune deletes resources that are no longer 1053 | tracked in git 1054 | type: boolean 1055 | resources: 1056 | description: Resources describes which resources to sync 1057 | items: 1058 | properties: 1059 | group: 1060 | type: string 1061 | kind: 1062 | type: string 1063 | name: 1064 | type: string 1065 | required: 1066 | - kind 1067 | - name 1068 | type: object 1069 | type: array 1070 | revision: 1071 | description: Revision is the git revision in which to sync 1072 | the application to. If omitted, will use the revision 1073 | specified in app spec. 1074 | type: string 1075 | source: 1076 | description: Source overrides the source definition set 1077 | in the application. 
This is typically set in a Rollback 1078 | operation and nil during a Sync operation 1079 | properties: 1080 | directory: 1081 | description: Directory holds path/directory specific 1082 | options 1083 | properties: 1084 | jsonnet: 1085 | properties: 1086 | extVars: 1087 | description: ExtVars is a list of Jsonnet External 1088 | Variables 1089 | items: 1090 | properties: 1091 | code: 1092 | type: boolean 1093 | name: 1094 | type: string 1095 | value: 1096 | type: string 1097 | required: 1098 | - name 1099 | - value 1100 | type: object 1101 | type: array 1102 | tlas: 1103 | description: TLAS is a list of Jsonnet Top-level 1104 | Arguments 1105 | items: 1106 | properties: 1107 | code: 1108 | type: boolean 1109 | name: 1110 | type: string 1111 | value: 1112 | type: string 1113 | required: 1114 | - name 1115 | - value 1116 | type: object 1117 | type: array 1118 | type: object 1119 | recurse: 1120 | type: boolean 1121 | type: object 1122 | helm: 1123 | description: Helm holds helm specific options 1124 | properties: 1125 | parameters: 1126 | description: Parameters are parameters to the helm 1127 | template 1128 | items: 1129 | properties: 1130 | forceString: 1131 | description: ForceString determines whether 1132 | to tell Helm to interpret booleans and numbers 1133 | as strings 1134 | type: boolean 1135 | name: 1136 | description: Name is the name of the helm 1137 | parameter 1138 | type: string 1139 | value: 1140 | description: Value is the value for the helm 1141 | parameter 1142 | type: string 1143 | type: object 1144 | type: array 1145 | releaseName: 1146 | description: The Helm release name. 
If omitted it 1147 | will use the application name 1148 | type: string 1149 | valueFiles: 1150 | description: ValuesFiles is a list of Helm value 1151 | files to use when generating a template 1152 | items: 1153 | type: string 1154 | type: array 1155 | type: object 1156 | ksonnet: 1157 | description: Ksonnet holds ksonnet specific options 1158 | properties: 1159 | environment: 1160 | description: Environment is a ksonnet application 1161 | environment name 1162 | type: string 1163 | parameters: 1164 | description: Parameters are a list of ksonnet component 1165 | parameter override values 1166 | items: 1167 | properties: 1168 | component: 1169 | type: string 1170 | name: 1171 | type: string 1172 | value: 1173 | type: string 1174 | required: 1175 | - name 1176 | - value 1177 | type: object 1178 | type: array 1179 | type: object 1180 | kustomize: 1181 | description: Kustomize holds kustomize specific options 1182 | properties: 1183 | commonLabels: 1184 | additionalProperties: 1185 | type: string 1186 | description: CommonLabels adds additional kustomize 1187 | commonLabels 1188 | type: object 1189 | images: 1190 | description: Images are kustomize image overrides 1191 | items: 1192 | type: string 1193 | type: array 1194 | namePrefix: 1195 | description: NamePrefix is a prefix appended to 1196 | resources for kustomize apps 1197 | type: string 1198 | type: object 1199 | path: 1200 | description: Path is a directory path within the repository 1201 | containing a 1202 | type: string 1203 | plugin: 1204 | description: ConfigManagementPlugin holds config management 1205 | plugin specific options 1206 | properties: 1207 | env: 1208 | items: 1209 | properties: 1210 | name: 1211 | description: the name, usually uppercase 1212 | type: string 1213 | value: 1214 | description: the value 1215 | type: string 1216 | required: 1217 | - name 1218 | - value 1219 | type: object 1220 | type: array 1221 | name: 1222 | type: string 1223 | type: object 1224 | repoURL: 1225 | description: 
RepoURL is the git repository URL of the 1226 | application manifests 1227 | type: string 1228 | targetRevision: 1229 | description: TargetRevision defines the commit, tag, 1230 | or branch in which to sync the application to. If 1231 | omitted, will sync to HEAD 1232 | type: string 1233 | required: 1234 | - repoURL 1235 | - path 1236 | type: object 1237 | syncStrategy: 1238 | description: SyncStrategy describes how to perform the sync 1239 | properties: 1240 | apply: 1241 | description: Apply wil perform a `kubectl apply` to 1242 | perform the sync. 1243 | properties: 1244 | force: 1245 | description: Force indicates whether or not to supply 1246 | the --force flag to `kubectl apply`. The --force 1247 | flag deletes and re-create the resource, when 1248 | PATCH encounters conflict and has retried for 1249 | 5 times. 1250 | type: boolean 1251 | type: object 1252 | hook: 1253 | description: Hook will submit any referenced resources 1254 | to perform the sync. This is the default strategy 1255 | properties: 1256 | force: 1257 | description: Force indicates whether or not to supply 1258 | the --force flag to `kubectl apply`. The --force 1259 | flag deletes and re-create the resource, when 1260 | PATCH encounters conflict and has retried for 1261 | 5 times. 
1262 | type: boolean 1263 | type: object 1264 | type: object 1265 | type: object 1266 | type: object 1267 | phase: 1268 | description: Phase is the current phase of the operation 1269 | type: string 1270 | startedAt: 1271 | description: StartedAt contains time of operation start 1272 | format: date-time 1273 | type: string 1274 | syncResult: 1275 | description: SyncResult is the result of a Sync operation 1276 | properties: 1277 | resources: 1278 | description: Resources holds the sync result of each individual 1279 | resource 1280 | items: 1281 | properties: 1282 | group: 1283 | type: string 1284 | hookPhase: 1285 | description: 'the state of any operation associated with 1286 | this resource OR hook note: can contain values for non-hook 1287 | resources' 1288 | type: string 1289 | hookType: 1290 | description: the type of the hook, empty for non-hook 1291 | resources 1292 | type: string 1293 | kind: 1294 | type: string 1295 | message: 1296 | description: message for the last sync OR operation 1297 | type: string 1298 | name: 1299 | type: string 1300 | namespace: 1301 | type: string 1302 | status: 1303 | description: the final result of the sync, this is be 1304 | empty if the resources is yet to be applied/pruned and 1305 | is always zero-value for hooks 1306 | type: string 1307 | syncPhase: 1308 | description: indicates the particular phase of the sync 1309 | that this is for 1310 | type: string 1311 | version: 1312 | type: string 1313 | required: 1314 | - group 1315 | - version 1316 | - kind 1317 | - namespace 1318 | - name 1319 | type: object 1320 | type: array 1321 | revision: 1322 | description: Revision holds the git commit SHA of the sync 1323 | type: string 1324 | source: 1325 | description: Source records the application source information 1326 | of the sync, used for comparing auto-sync 1327 | properties: 1328 | directory: 1329 | description: Directory holds path/directory specific options 1330 | properties: 1331 | jsonnet: 1332 | properties: 1333 | 
extVars: 1334 | description: ExtVars is a list of Jsonnet External 1335 | Variables 1336 | items: 1337 | properties: 1338 | code: 1339 | type: boolean 1340 | name: 1341 | type: string 1342 | value: 1343 | type: string 1344 | required: 1345 | - name 1346 | - value 1347 | type: object 1348 | type: array 1349 | tlas: 1350 | description: TLAS is a list of Jsonnet Top-level 1351 | Arguments 1352 | items: 1353 | properties: 1354 | code: 1355 | type: boolean 1356 | name: 1357 | type: string 1358 | value: 1359 | type: string 1360 | required: 1361 | - name 1362 | - value 1363 | type: object 1364 | type: array 1365 | type: object 1366 | recurse: 1367 | type: boolean 1368 | type: object 1369 | helm: 1370 | description: Helm holds helm specific options 1371 | properties: 1372 | parameters: 1373 | description: Parameters are parameters to the helm template 1374 | items: 1375 | properties: 1376 | forceString: 1377 | description: ForceString determines whether to 1378 | tell Helm to interpret booleans and numbers 1379 | as strings 1380 | type: boolean 1381 | name: 1382 | description: Name is the name of the helm parameter 1383 | type: string 1384 | value: 1385 | description: Value is the value for the helm parameter 1386 | type: string 1387 | type: object 1388 | type: array 1389 | releaseName: 1390 | description: The Helm release name. 
If omitted it will 1391 | use the application name 1392 | type: string 1393 | valueFiles: 1394 | description: ValuesFiles is a list of Helm value files 1395 | to use when generating a template 1396 | items: 1397 | type: string 1398 | type: array 1399 | type: object 1400 | ksonnet: 1401 | description: Ksonnet holds ksonnet specific options 1402 | properties: 1403 | environment: 1404 | description: Environment is a ksonnet application environment 1405 | name 1406 | type: string 1407 | parameters: 1408 | description: Parameters are a list of ksonnet component 1409 | parameter override values 1410 | items: 1411 | properties: 1412 | component: 1413 | type: string 1414 | name: 1415 | type: string 1416 | value: 1417 | type: string 1418 | required: 1419 | - name 1420 | - value 1421 | type: object 1422 | type: array 1423 | type: object 1424 | kustomize: 1425 | description: Kustomize holds kustomize specific options 1426 | properties: 1427 | commonLabels: 1428 | additionalProperties: 1429 | type: string 1430 | description: CommonLabels adds additional kustomize 1431 | commonLabels 1432 | type: object 1433 | images: 1434 | description: Images are kustomize image overrides 1435 | items: 1436 | type: string 1437 | type: array 1438 | namePrefix: 1439 | description: NamePrefix is a prefix appended to resources 1440 | for kustomize apps 1441 | type: string 1442 | type: object 1443 | path: 1444 | description: Path is a directory path within the repository 1445 | containing a 1446 | type: string 1447 | plugin: 1448 | description: ConfigManagementPlugin holds config management 1449 | plugin specific options 1450 | properties: 1451 | env: 1452 | items: 1453 | properties: 1454 | name: 1455 | description: the name, usually uppercase 1456 | type: string 1457 | value: 1458 | description: the value 1459 | type: string 1460 | required: 1461 | - name 1462 | - value 1463 | type: object 1464 | type: array 1465 | name: 1466 | type: string 1467 | type: object 1468 | repoURL: 1469 | description: 
RepoURL is the git repository URL of the application 1470 | manifests 1471 | type: string 1472 | targetRevision: 1473 | description: TargetRevision defines the commit, tag, or 1474 | branch in which to sync the application to. If omitted, 1475 | will sync to HEAD 1476 | type: string 1477 | required: 1478 | - repoURL 1479 | - path 1480 | type: object 1481 | required: 1482 | - revision 1483 | type: object 1484 | required: 1485 | - operation 1486 | - phase 1487 | - startedAt 1488 | type: object 1489 | reconciledAt: 1490 | format: date-time 1491 | type: string 1492 | resources: 1493 | items: 1494 | properties: 1495 | group: 1496 | type: string 1497 | health: 1498 | properties: 1499 | message: 1500 | type: string 1501 | status: 1502 | type: string 1503 | type: object 1504 | hook: 1505 | type: boolean 1506 | kind: 1507 | type: string 1508 | name: 1509 | type: string 1510 | namespace: 1511 | type: string 1512 | requiresPruning: 1513 | type: boolean 1514 | status: 1515 | type: string 1516 | version: 1517 | type: string 1518 | type: object 1519 | type: array 1520 | sourceType: 1521 | type: string 1522 | summary: 1523 | properties: 1524 | externalURLs: 1525 | description: ExternalURLs holds all external URLs of application 1526 | child resources. 1527 | items: 1528 | type: string 1529 | type: array 1530 | images: 1531 | description: Images holds all images of application child resources. 
1532 | items: 1533 | type: string 1534 | type: array 1535 | type: object 1536 | sync: 1537 | properties: 1538 | comparedTo: 1539 | properties: 1540 | destination: 1541 | properties: 1542 | namespace: 1543 | description: Namespace overrides the environment namespace 1544 | value in the ksonnet app.yaml 1545 | type: string 1546 | server: 1547 | description: Server overrides the environment server value 1548 | in the ksonnet app.yaml 1549 | type: string 1550 | type: object 1551 | source: 1552 | properties: 1553 | directory: 1554 | description: Directory holds path/directory specific options 1555 | properties: 1556 | jsonnet: 1557 | properties: 1558 | extVars: 1559 | description: ExtVars is a list of Jsonnet External 1560 | Variables 1561 | items: 1562 | properties: 1563 | code: 1564 | type: boolean 1565 | name: 1566 | type: string 1567 | value: 1568 | type: string 1569 | required: 1570 | - name 1571 | - value 1572 | type: object 1573 | type: array 1574 | tlas: 1575 | description: TLAS is a list of Jsonnet Top-level 1576 | Arguments 1577 | items: 1578 | properties: 1579 | code: 1580 | type: boolean 1581 | name: 1582 | type: string 1583 | value: 1584 | type: string 1585 | required: 1586 | - name 1587 | - value 1588 | type: object 1589 | type: array 1590 | type: object 1591 | recurse: 1592 | type: boolean 1593 | type: object 1594 | helm: 1595 | description: Helm holds helm specific options 1596 | properties: 1597 | parameters: 1598 | description: Parameters are parameters to the helm template 1599 | items: 1600 | properties: 1601 | forceString: 1602 | description: ForceString determines whether to 1603 | tell Helm to interpret booleans and numbers 1604 | as strings 1605 | type: boolean 1606 | name: 1607 | description: Name is the name of the helm parameter 1608 | type: string 1609 | value: 1610 | description: Value is the value for the helm parameter 1611 | type: string 1612 | type: object 1613 | type: array 1614 | releaseName: 1615 | description: The Helm release name. 
If omitted it will 1616 | use the application name 1617 | type: string 1618 | valueFiles: 1619 | description: ValuesFiles is a list of Helm value files 1620 | to use when generating a template 1621 | items: 1622 | type: string 1623 | type: array 1624 | type: object 1625 | ksonnet: 1626 | description: Ksonnet holds ksonnet specific options 1627 | properties: 1628 | environment: 1629 | description: Environment is a ksonnet application environment 1630 | name 1631 | type: string 1632 | parameters: 1633 | description: Parameters are a list of ksonnet component 1634 | parameter override values 1635 | items: 1636 | properties: 1637 | component: 1638 | type: string 1639 | name: 1640 | type: string 1641 | value: 1642 | type: string 1643 | required: 1644 | - name 1645 | - value 1646 | type: object 1647 | type: array 1648 | type: object 1649 | kustomize: 1650 | description: Kustomize holds kustomize specific options 1651 | properties: 1652 | commonLabels: 1653 | additionalProperties: 1654 | type: string 1655 | description: CommonLabels adds additional kustomize 1656 | commonLabels 1657 | type: object 1658 | images: 1659 | description: Images are kustomize image overrides 1660 | items: 1661 | type: string 1662 | type: array 1663 | namePrefix: 1664 | description: NamePrefix is a prefix appended to resources 1665 | for kustomize apps 1666 | type: string 1667 | type: object 1668 | path: 1669 | description: Path is a directory path within the repository 1670 | containing a 1671 | type: string 1672 | plugin: 1673 | description: ConfigManagementPlugin holds config management 1674 | plugin specific options 1675 | properties: 1676 | env: 1677 | items: 1678 | properties: 1679 | name: 1680 | description: the name, usually uppercase 1681 | type: string 1682 | value: 1683 | description: the value 1684 | type: string 1685 | required: 1686 | - name 1687 | - value 1688 | type: object 1689 | type: array 1690 | name: 1691 | type: string 1692 | type: object 1693 | repoURL: 1694 | description: 
RepoURL is the git repository URL of the application 1695 | manifests 1696 | type: string 1697 | targetRevision: 1698 | description: TargetRevision defines the commit, tag, or 1699 | branch in which to sync the application to. If omitted, 1700 | will sync to HEAD 1701 | type: string 1702 | required: 1703 | - repoURL 1704 | - path 1705 | type: object 1706 | required: 1707 | - source 1708 | - destination 1709 | type: object 1710 | revision: 1711 | type: string 1712 | status: 1713 | type: string 1714 | required: 1715 | - status 1716 | type: object 1717 | type: object 1718 | required: 1719 | - metadata 1720 | - spec 1721 | type: object 1722 | versions: 1723 | - name: v1alpha1 1724 | served: true 1725 | storage: true 1726 | --- 1727 | apiVersion: apiextensions.k8s.io/v1beta1 1728 | kind: CustomResourceDefinition 1729 | metadata: 1730 | labels: 1731 | app.kubernetes.io/name: appprojects.argoproj.io 1732 | app.kubernetes.io/part-of: argocd 1733 | name: appprojects.argoproj.io 1734 | spec: 1735 | group: argoproj.io 1736 | names: 1737 | kind: AppProject 1738 | plural: appprojects 1739 | shortNames: 1740 | - appproj 1741 | - appprojs 1742 | scope: Namespaced 1743 | validation: 1744 | openAPIV3Schema: 1745 | description: 'AppProject provides a logical grouping of applications, providing 1746 | controls for: * where the apps may deploy to (cluster whitelist) * what may 1747 | be deployed (repository whitelist, resource whitelist/blacklist) * who can 1748 | access these applications (roles, OIDC group claims bindings) * and what they 1749 | can do (RBAC policies) * automation access to these roles (JWT tokens)' 1750 | properties: 1751 | apiVersion: 1752 | description: 'APIVersion defines the versioned schema of this representation 1753 | of an object. Servers should convert recognized schemas to the latest 1754 | internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 1755 | type: string 1756 | kind: 1757 | description: 'Kind is a string value representing the REST resource this 1758 | object represents. Servers may infer this from the endpoint the client 1759 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 1760 | type: string 1761 | metadata: 1762 | properties: 1763 | annotations: 1764 | additionalProperties: 1765 | type: string 1766 | description: 'Annotations is an unstructured key value map stored with 1767 | a resource that may be set by external tools to store and retrieve 1768 | arbitrary metadata. They are not queryable and should be preserved 1769 | when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' 1770 | type: object 1771 | clusterName: 1772 | description: The name of the cluster which the object belongs to. This 1773 | is used to distinguish resources with same name and namespace in different 1774 | clusters. This field is not set anywhere right now and apiserver is 1775 | going to ignore it if set in create or update request. 1776 | type: string 1777 | deletionGracePeriodSeconds: 1778 | description: Number of seconds allowed for this object to gracefully 1779 | terminate before it will be removed from the system. Only set when 1780 | deletionTimestamp is also set. May only be shortened. Read-only. 1781 | format: int64 1782 | type: integer 1783 | deletionTimestamp: 1784 | description: "DeletionTimestamp is RFC 3339 date and time at which this 1785 | resource will be deleted. This field is set by the server when a graceful 1786 | deletion is requested by the user, and is not directly settable by 1787 | a client. The resource is expected to be deleted (no longer visible 1788 | from resource lists, and not reachable by name) after the time in 1789 | this field, once the finalizers list is empty. 
As long as the finalizers 1790 | list contains items, deletion is blocked. Once the deletionTimestamp 1791 | is set, this value may not be unset or be set further into the future, 1792 | although it may be shortened or the resource may be deleted prior 1793 | to this time. For example, a user may request that a pod is deleted 1794 | in 30 seconds. The Kubelet will react by sending a graceful termination 1795 | signal to the containers in the pod. After that 30 seconds, the Kubelet 1796 | will send a hard termination signal (SIGKILL) to the container and 1797 | after cleanup, remove the pod from the API. In the presence of network 1798 | partitions, this object may still exist after this timestamp, until 1799 | an administrator or automated process can determine the resource is 1800 | fully terminated. If not set, graceful deletion of the object has 1801 | not been requested. \n Populated by the system when a graceful deletion 1802 | is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" 1803 | format: date-time 1804 | type: string 1805 | finalizers: 1806 | description: Must be empty before the object is deleted from the registry. 1807 | Each entry is an identifier for the responsible component that will 1808 | remove the entry from the list. If the deletionTimestamp of the object 1809 | is non-nil, entries in this list can only be removed. 1810 | items: 1811 | type: string 1812 | type: array 1813 | generateName: 1814 | description: "GenerateName is an optional prefix, used by the server, 1815 | to generate a unique name ONLY IF the Name field has not been provided. 1816 | If this field is used, the name returned to the client will be different 1817 | than the name passed. This value will also be combined with a unique 1818 | suffix. 
The provided value has the same validation rules as the Name 1819 | field, and may be truncated by the length of the suffix required to 1820 | make the value unique on the server. \n If this field is specified 1821 | and the generated name exists, the server will NOT return a 409 - 1822 | instead, it will either return 201 Created or 500 with Reason ServerTimeout 1823 | indicating a unique name could not be found in the time allotted, 1824 | and the client should retry (optionally after the time indicated in 1825 | the Retry-After header). \n Applied only if Name is not specified. 1826 | More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency" 1827 | type: string 1828 | generation: 1829 | description: A sequence number representing a specific generation of 1830 | the desired state. Populated by the system. Read-only. 1831 | format: int64 1832 | type: integer 1833 | initializers: 1834 | description: "An initializer is a controller which enforces some system 1835 | invariant at object creation time. This field is a list of initializers 1836 | that have not yet acted on this object. If nil or empty, this object 1837 | has been completely initialized. Otherwise, the object is considered 1838 | uninitialized and is hidden (in list/watch and get calls) from clients 1839 | that haven't explicitly asked to observe uninitialized objects. \n 1840 | When an object is created, the system will populate this list with 1841 | the current set of initializers. Only privileged users may set or 1842 | modify this list. Once it is empty, it may not be modified further 1843 | by any user. \n DEPRECATED - initializers are an alpha field and will 1844 | be removed in v1.15." 1845 | properties: 1846 | pending: 1847 | description: Pending is a list of initializers that must execute 1848 | in order before this object is visible. 
When the last pending 1849 | initializer is removed, and no failing result is set, the initializers 1850 | struct will be set to nil and the object is considered as initialized 1851 | and visible to all clients. 1852 | items: 1853 | properties: 1854 | name: 1855 | description: name of the process that is responsible for initializing 1856 | this object. 1857 | type: string 1858 | required: 1859 | - name 1860 | type: object 1861 | type: array 1862 | result: 1863 | description: If result is set with the Failure field, the object 1864 | will be persisted to storage and then deleted, ensuring that other 1865 | clients can observe the deletion. 1866 | properties: 1867 | apiVersion: 1868 | description: 'APIVersion defines the versioned schema of this 1869 | representation of an object. Servers should convert recognized 1870 | schemas to the latest internal value, and may reject unrecognized 1871 | values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 1872 | type: string 1873 | code: 1874 | description: Suggested HTTP return code for this status, 0 if 1875 | not set. 1876 | format: int32 1877 | type: integer 1878 | details: 1879 | description: Extended data associated with the reason. Each 1880 | reason may define its own extended details. This field is 1881 | optional and the data returned is not guaranteed to conform 1882 | to any schema except that defined by the reason type. 1883 | properties: 1884 | causes: 1885 | description: The Causes array includes more details associated 1886 | with the StatusReason failure. Not all StatusReasons may 1887 | provide detailed causes. 1888 | items: 1889 | properties: 1890 | field: 1891 | description: "The field of the resource that has caused 1892 | this error, as named by its JSON serialization. 1893 | May include dot and postfix notation for nested 1894 | attributes. Arrays are zero-indexed. 
Fields may 1895 | appear more than once in an array of causes due 1896 | to fields having multiple errors. Optional. \n Examples: 1897 | \ \"name\" - the field \"name\" on the current 1898 | resource \"items[0].name\" - the field \"name\" 1899 | on the first array entry in \"items\"" 1900 | type: string 1901 | message: 1902 | description: A human-readable description of the cause 1903 | of the error. This field may be presented as-is 1904 | to a reader. 1905 | type: string 1906 | reason: 1907 | description: A machine-readable description of the 1908 | cause of the error. If this value is empty there 1909 | is no information available. 1910 | type: string 1911 | type: object 1912 | type: array 1913 | group: 1914 | description: The group attribute of the resource associated 1915 | with the status StatusReason. 1916 | type: string 1917 | kind: 1918 | description: 'The kind attribute of the resource associated 1919 | with the status StatusReason. On some operations may differ 1920 | from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 1921 | type: string 1922 | name: 1923 | description: The name attribute of the resource associated 1924 | with the status StatusReason (when there is a single name 1925 | which can be described). 1926 | type: string 1927 | retryAfterSeconds: 1928 | description: If specified, the time in seconds before the 1929 | operation should be retried. Some errors may indicate 1930 | the client must take an alternate action - for those errors 1931 | this field may indicate how long to wait before taking 1932 | the alternate action. 1933 | format: int32 1934 | type: integer 1935 | uid: 1936 | description: 'UID of the resource. (when there is a single 1937 | resource which can be described). 
More info: http://kubernetes.io/docs/user-guide/identifiers#uids' 1938 | type: string 1939 | type: object 1940 | kind: 1941 | description: 'Kind is a string value representing the REST resource 1942 | this object represents. Servers may infer this from the endpoint 1943 | the client submits requests to. Cannot be updated. In CamelCase. 1944 | More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 1945 | type: string 1946 | message: 1947 | description: A human-readable description of the status of this 1948 | operation. 1949 | type: string 1950 | metadata: 1951 | description: 'Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 1952 | properties: 1953 | continue: 1954 | description: continue may be set if the user set a limit 1955 | on the number of items returned, and indicates that the 1956 | server has more data available. The value is opaque and 1957 | may be used to issue another request to the endpoint that 1958 | served this list to retrieve the next set of available 1959 | objects. Continuing a consistent list may not be possible 1960 | if the server configuration has changed or more than a 1961 | few minutes have passed. The resourceVersion field returned 1962 | when using this continue value will be identical to the 1963 | value in the first response, unless you have received 1964 | this token from an error message. 1965 | type: string 1966 | resourceVersion: 1967 | description: 'String that identifies the server''s internal 1968 | version of this object that can be used by clients to 1969 | determine when objects have changed. Value must be treated 1970 | as opaque by clients and passed unmodified back to the 1971 | server. Populated by the system. Read-only. 
More info: 1972 | https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' 1973 | type: string 1974 | selfLink: 1975 | description: selfLink is a URL representing this object. 1976 | Populated by the system. Read-only. 1977 | type: string 1978 | type: object 1979 | reason: 1980 | description: A machine-readable description of why this operation 1981 | is in the "Failure" status. If this value is empty there is 1982 | no information available. A Reason clarifies an HTTP status 1983 | code but does not override it. 1984 | type: string 1985 | status: 1986 | description: 'Status of the operation. One of: "Success" or 1987 | "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' 1988 | type: string 1989 | type: object 1990 | required: 1991 | - pending 1992 | type: object 1993 | labels: 1994 | additionalProperties: 1995 | type: string 1996 | description: 'Map of string keys and values that can be used to organize 1997 | and categorize (scope and select) objects. May match selectors of 1998 | replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' 1999 | type: object 2000 | managedFields: 2001 | description: "ManagedFields maps workflow-id and version to the set 2002 | of fields that are managed by that workflow. This is mostly for internal 2003 | housekeeping, and users typically shouldn't need to set or understand 2004 | this field. A workflow can be the user's name, a controller's name, 2005 | or the name of a specific apply path like \"ci-cd\". The set of fields 2006 | is always in the version that the workflow used when modifying the 2007 | object. \n This field is alpha and can be changed or removed without 2008 | notice." 2009 | items: 2010 | properties: 2011 | apiVersion: 2012 | description: APIVersion defines the version of this resource that 2013 | this field set applies to. 
The format is "group/version" just 2014 | like the top-level APIVersion field. It is necessary to track 2015 | the version of a field set because it cannot be automatically 2016 | converted. 2017 | type: string 2018 | fields: 2019 | additionalProperties: true 2020 | description: Fields identifies a set of fields. 2021 | type: object 2022 | manager: 2023 | description: Manager is an identifier of the workflow managing 2024 | these fields. 2025 | type: string 2026 | operation: 2027 | description: Operation is the type of operation which lead to 2028 | this ManagedFieldsEntry being created. The only valid values 2029 | for this field are 'Apply' and 'Update'. 2030 | type: string 2031 | time: 2032 | description: Time is timestamp of when these fields were set. 2033 | It should always be empty if Operation is 'Apply' 2034 | format: date-time 2035 | type: string 2036 | type: object 2037 | type: array 2038 | name: 2039 | description: 'Name must be unique within a namespace. Is required when 2040 | creating resources, although some resources may allow a client to 2041 | request the generation of an appropriate name automatically. Name 2042 | is primarily intended for creation idempotence and configuration definition. 2043 | Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 2044 | type: string 2045 | namespace: 2046 | description: "Namespace defines the space within each name must be unique. 2047 | An empty namespace is equivalent to the \"default\" namespace, but 2048 | \"default\" is the canonical representation. Not all objects are required 2049 | to be scoped to a namespace - the value of this field for those objects 2050 | will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: 2051 | http://kubernetes.io/docs/user-guide/namespaces" 2052 | type: string 2053 | ownerReferences: 2054 | description: List of objects depended by this object. 
If ALL objects 2055 | in the list have been deleted, this object will be garbage collected. 2056 | If this object is managed by a controller, then an entry in this list 2057 | will point to this controller, with the controller field set to true. 2058 | There cannot be more than one managing controller. 2059 | items: 2060 | properties: 2061 | apiVersion: 2062 | description: API version of the referent. 2063 | type: string 2064 | blockOwnerDeletion: 2065 | description: If true, AND if the owner has the "foregroundDeletion" 2066 | finalizer, then the owner cannot be deleted from the key-value 2067 | store until this reference is removed. Defaults to false. To 2068 | set this field, a user needs "delete" permission of the owner, 2069 | otherwise 422 (Unprocessable Entity) will be returned. 2070 | type: boolean 2071 | controller: 2072 | description: If true, this reference points to the managing controller. 2073 | type: boolean 2074 | kind: 2075 | description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 2076 | type: string 2077 | name: 2078 | description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 2079 | type: string 2080 | uid: 2081 | description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' 2082 | type: string 2083 | required: 2084 | - apiVersion 2085 | - kind 2086 | - name 2087 | - uid 2088 | type: object 2089 | type: array 2090 | resourceVersion: 2091 | description: "An opaque value that represents the internal version of 2092 | this object that can be used by clients to determine when objects 2093 | have changed. May be used for optimistic concurrency, change detection, 2094 | and the watch operation on a resource or set of resources. Clients 2095 | must treat these values as opaque and passed unmodified back to the 2096 | server. They may only be valid for a particular resource or set of 2097 | resources. 
\n Populated by the system. Read-only. Value must be treated 2098 | as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency" 2099 | type: string 2100 | selfLink: 2101 | description: SelfLink is a URL representing this object. Populated by 2102 | the system. Read-only. 2103 | type: string 2104 | uid: 2105 | description: "UID is the unique in time and space value for this object. 2106 | It is typically generated by the server on successful creation of 2107 | a resource and is not allowed to change on PUT operations. \n Populated 2108 | by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" 2109 | type: string 2110 | type: object 2111 | spec: 2112 | properties: 2113 | clusterResourceWhitelist: 2114 | description: ClusterResourceWhitelist contains list of whitelisted cluster 2115 | level resources 2116 | items: 2117 | properties: 2118 | group: 2119 | type: string 2120 | kind: 2121 | type: string 2122 | required: 2123 | - group 2124 | - kind 2125 | type: object 2126 | type: array 2127 | description: 2128 | description: Description contains optional project description 2129 | type: string 2130 | destinations: 2131 | description: Destinations contains list of destinations available for 2132 | deployment 2133 | items: 2134 | properties: 2135 | namespace: 2136 | description: Namespace overrides the environment namespace value 2137 | in the ksonnet app.yaml 2138 | type: string 2139 | server: 2140 | description: Server overrides the environment server value in 2141 | the ksonnet app.yaml 2142 | type: string 2143 | type: object 2144 | type: array 2145 | namespaceResourceBlacklist: 2146 | description: NamespaceResourceBlacklist contains list of blacklisted 2147 | namespace level resources 2148 | items: 2149 | properties: 2150 | group: 2151 | type: string 2152 | kind: 2153 | type: string 2154 | required: 2155 | - group 2156 | - kind 2157 | type: object 2158 | 
type: array 2159 | roles: 2160 | description: Roles are user defined RBAC roles associated with this 2161 | project 2162 | items: 2163 | properties: 2164 | description: 2165 | description: Description is a description of the role 2166 | type: string 2167 | groups: 2168 | description: Groups are a list of OIDC group claims bound to this 2169 | role 2170 | items: 2171 | type: string 2172 | type: array 2173 | jwtTokens: 2174 | description: JWTTokens are a list of generated JWT tokens bound 2175 | to this role 2176 | items: 2177 | properties: 2178 | exp: 2179 | format: int64 2180 | type: integer 2181 | iat: 2182 | format: int64 2183 | type: integer 2184 | required: 2185 | - iat 2186 | type: object 2187 | type: array 2188 | name: 2189 | description: Name is a name for this role 2190 | type: string 2191 | policies: 2192 | description: Policies Stores a list of casbin formated strings 2193 | that define access policies for the role in the project 2194 | items: 2195 | type: string 2196 | type: array 2197 | required: 2198 | - name 2199 | type: object 2200 | type: array 2201 | sourceRepos: 2202 | description: SourceRepos contains list of git repository URLs which 2203 | can be used for deployment 2204 | items: 2205 | type: string 2206 | type: array 2207 | type: object 2208 | required: 2209 | - metadata 2210 | - spec 2211 | type: object 2212 | versions: 2213 | - name: v1alpha1 2214 | served: true 2215 | storage: true 2216 | --- 2217 | apiVersion: v1 2218 | kind: ServiceAccount 2219 | metadata: 2220 | labels: 2221 | app.kubernetes.io/component: application-controller 2222 | app.kubernetes.io/name: argocd-application-controller 2223 | app.kubernetes.io/part-of: argocd 2224 | name: argocd-application-controller 2225 | --- 2226 | apiVersion: v1 2227 | kind: ServiceAccount 2228 | metadata: 2229 | labels: 2230 | app.kubernetes.io/component: dex-server 2231 | app.kubernetes.io/name: argocd-dex-server 2232 | app.kubernetes.io/part-of: argocd 2233 | name: argocd-dex-server 2234 | --- 
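apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
---
# Namespaced permissions for the application controller: read-only access to
# Secrets/ConfigMaps in the install namespace, full control of Argo CD's own
# Application/AppProject objects, and event creation.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/name: argocd-application-controller
    app.kubernetes.io/part-of: argocd
  name: argocd-application-controller
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - list
---
# Dex only needs to read Secrets/ConfigMaps in the install namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/name: argocd-dex-server
    app.kubernetes.io/part-of: argocd
  name: argocd-dex-server
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - get
  - list
  - watch
---
# The API server can create, modify and delete every Secret and ConfigMap in
# the install namespace, so keep unrelated secrets out of that namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - delete
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - list
---
# SECURITY: every verb on every resource in every API group, plus every
# non-resource URL. Bound cluster-wide below, this is equivalent to
# cluster-admin for the application-controller ServiceAccount. Whoever can
# make Argo CD sync a manifest into this cluster therefore acts with full
# cluster rights. Compensating controls live in Argo CD itself: restrict each
# AppProject (sourceRepos, destinations, clusterResourceWhitelist,
# namespaceResourceBlacklist) and keep Argo CD RBAC and Git write access tight.
# If Argo CD only manages a known set of resource kinds, replace the wildcards
# with an explicit list.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/name: argocd-application-controller
    app.kubernetes.io/part-of: argocd
  name: argocd-application-controller
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'
---
# SECURITY: get/patch/delete on all resources cluster-wide. `get` on '*'
# includes reading any Secret in any namespace by name, and `patch` can modify
# workloads and RBAC objects, so the argocd-server ServiceAccount token is
# close to cluster-admin in practice. Treat the API/UI server as a
# high-value target: front it with TLS and SSO and limit network access to it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - delete
  - get
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - list
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/name: argocd-application-controller
    app.kubernetes.io/part-of: argocd
  name: argocd-application-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-application-controller
subjects:
- kind: ServiceAccount
  name: argocd-application-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/name: argocd-dex-server
    app.kubernetes.io/part-of: argocd
  name: argocd-dex-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-dex-server
subjects:
- kind: ServiceAccount
  name: argocd-dex-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-server
subjects:
- kind: ServiceAccount
  name: argocd-server
---
# The subject namespace is hard-coded to `argocd`. Installing this manifest
# into a different namespace leaves the binding pointing at a ServiceAccount
# name in `argocd`; anyone able to create that ServiceAccount there would
# inherit the wildcard ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/name: argocd-application-controller
    app.kubernetes.io/part-of: argocd
  name: argocd-application-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argocd-application-controller
subjects:
- kind: ServiceAccount
  name: argocd-application-controller
  namespace: argocd
---
# Same hard-coded `argocd` subject namespace as the binding above.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argocd-server
subjects:
- kind: ServiceAccount
  name: argocd-server
  namespace: argocd
---
# Created empty: Argo CD settings (SSO, repositories, ...) are not configured
# by this manifest.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cm
---
# Created empty: no Argo CD RBAC policy is defined by this manifest.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-rbac-cm
---
# Pinned SSH host keys used when cloning over SSH; they are what protects
# repository fetches from a man-in-the-middle. They are a snapshot from when
# this manifest was generated and go stale when a provider rotates keys.
# GitHub replaced its RSA host key in March 2023, and the github.com ssh-rsa
# entry below appears to be the pre-rotation key. Verify every entry against
# the provider's published fingerprints before relying on this list.
apiVersion: v1
data:
  ssh_known_hosts: |
    bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
    github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
    gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
    gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
    ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
    vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-ssh-known-hosts-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-ssh-known-hosts-cm
---
# No extra TLS certificates are configured (data is null).
apiVersion: v1
data: null
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-tls-certs-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-tls-certs-cm
---
# Created with no data; presumably populated by Argo CD at runtime - TODO
# confirm. Do not add real values to this object in Git.
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/name: argocd-secret
    app.kubernetes.io/part-of: argocd
  name: argocd-secret
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/name: argocd-dex-server
    app.kubernetes.io/part-of: argocd
  name: argocd-dex-server
spec:
  ports:
  - name: http
    port: 5556
    protocol: TCP
    targetPort: 5556
  - name: grpc
    port: 5557
    protocol: TCP
    targetPort: 5557
  selector:
    app.kubernetes.io/name: argocd-dex-server
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: metrics
    app.kubernetes.io/name: argocd-metrics
    app.kubernetes.io/part-of: argocd
  name: argocd-metrics
spec:
  ports:
  - name: metrics
    port: 8082
    protocol: TCP
    targetPort: 8082
  selector:
    app.kubernetes.io/name: argocd-application-controller
---
# The Redis container below is started without a password or TLS option, and
# this manifest contains no NetworkPolicy, so any pod that can reach this
# Service can read and write the cache. Add a NetworkPolicy that admits only
# the Argo CD components that need Redis.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: redis
    app.kubernetes.io/name: argocd-redis
    app.kubernetes.io/part-of: argocd
  name: argocd-redis
spec:
  ports:
  - name: tcp-redis
    port: 6379
    targetPort: 6379
  selector:
    app.kubernetes.io/name: argocd-redis
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/part-of: argocd
  name: argocd-repo-server
spec:
  ports:
  - name: server
    port: 8081
    protocol: TCP
    targetPort: 8081
  - name: metrics
    port: 8084
    protocol: TCP
    targetPort: 8084
  selector:
    app.kubernetes.io/name: argocd-repo-server
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server-metrics
    app.kubernetes.io/part-of: argocd
  name: argocd-server-metrics
spec:
  ports:
  - name: metrics
    port: 8083
    protocol: TCP
    targetPort: 8083
  selector:
    app.kubernetes.io/name: argocd-server
---
# Both 80 and 443 forward to container port 8080. Because argocd-server is
# started with --insecure (see its Deployment), the port named "https" carries
# plain HTTP inside the cluster; TLS has to be terminated by whatever exposes
# this Service (route/ingress/load balancer).
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: https
    port: 443
    protocol: TCP
    targetPort: 8080
  selector:
    app.kubernetes.io/name: argocd-server
---
# Hardening notes that apply to every Deployment in this manifest:
#  - No securityContext is set, so containers run with image defaults unless
#    the cluster's admission policy/SCC restricts them.
#  - No resource requests/limits are set.
#  - Images are referenced by mutable tag with imagePullPolicy: Always, so the
#    running content can change without a manifest change. Pin by digest
#    (image@sha256:<digest>) for reproducible, reviewable rollouts.
#  - The tags pin old releases (argocd v1.2.0, dex v2.14.0, redis 5.0.3);
#    review each project's security advisories and upgrade.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/name: argocd-application-controller
    app.kubernetes.io/part-of: argocd
  name: argocd-application-controller
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-application-controller
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-application-controller
    spec:
      containers:
      - command:
        - argocd-application-controller
        - --status-processors
        - "20"
        - --operation-processors
        - "10"
        image: argoproj/argocd:v1.2.0
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8082
          initialDelaySeconds: 5
          periodSeconds: 10
        name: argocd-application-controller
        ports:
        - containerPort: 8082
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8082
          initialDelaySeconds: 5
          periodSeconds: 10
      # This ServiceAccount carries the wildcard ClusterRole defined above.
      serviceAccountName: argocd-application-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/name: argocd-dex-server
    app.kubernetes.io/part-of: argocd
  name: argocd-dex-server
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-dex-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-dex-server
    spec:
      containers:
      # Runs the argocd-util binary that the init container copied into the
      # shared emptyDir, inside the upstream dex image.
      - command:
        - /shared/argocd-util
        - rundex
        image: quay.io/dexidp/dex:v2.14.0
        imagePullPolicy: Always
        name: dex
        ports:
        - containerPort: 5556
        - containerPort: 5557
        volumeMounts:
        - mountPath: /shared
          name: static-files
      initContainers:
      - command:
        - cp
        - /usr/local/bin/argocd-util
        - /shared
        image: argoproj/argocd:v1.2.0
        imagePullPolicy: Always
        name: copyutil
        volumeMounts:
        - mountPath: /shared
          name: static-files
      serviceAccountName: argocd-dex-server
      volumes:
      - emptyDir: {}
        name: static-files
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: redis
    app.kubernetes.io/name: argocd-redis
    app.kubernetes.io/part-of: argocd
  name: argocd-redis
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-redis
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-redis
    spec:
      # Redis never talks to the Kubernetes API, so do not mount a
      # ServiceAccount token into it (same setting the repo-server uses).
      automountServiceAccountToken: false
      containers:
      # Persistence is disabled (--save "" / --appendonly no). No
      # authentication or TLS option is passed; see the note on the
      # argocd-redis Service.
      - args:
        - --save
        - ""
        - --appendonly
        - "no"
        image: redis:5.0.3
        imagePullPolicy: Always
        name: redis
        ports:
        - containerPort: 6379
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/part-of: argocd
  name: argocd-repo-server
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-repo-server
    spec:
      # The repo-server processes content fetched from Git repositories;
      # keeping the API token out of the pod limits what a compromised
      # manifest-generation step can reach.
      automountServiceAccountToken: false
      containers:
      - command:
        - argocd-repo-server
        - --redis
        - argocd-redis:6379
        image: argoproj/argocd:v1.2.0
        imagePullPolicy: Always
        livenessProbe:
          initialDelaySeconds: 5
          periodSeconds: 10
          tcpSocket:
            port: 8081
        name: argocd-repo-server
        ports:
        - containerPort: 8081
        - containerPort: 8084
        readinessProbe:
          initialDelaySeconds: 5
          periodSeconds: 10
          tcpSocket:
            port: 8081
        volumeMounts:
        - mountPath: /app/config/ssh
          name: ssh-known-hosts
        - mountPath: /app/config/tls
          name: tls-certs
      volumes:
      - configMap:
          name: argocd-ssh-known-hosts-cm
        name: ssh-known-hosts
      - configMap:
          name: argocd-tls-certs-cm
        name: tls-certs
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-server
    spec:
      containers:
      # SECURITY: --insecure makes argocd-server serve without TLS. Login
      # credentials and session tokens then cross the cluster network in
      # clear text between the TLS terminator and this pod. Only keep the
      # flag when a route/ingress terminates TLS in front of the Service and
      # the hop behind it is trusted or otherwise protected.
      - command:
        - argocd-server
        - --staticassets
        - /shared/app
        - '--insecure'
        image: argoproj/argocd:v1.2.0
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 30
        name: argocd-server
        ports:
        - containerPort: 8080
        - containerPort: 8083
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 30
        volumeMounts:
        - mountPath: /app/config/ssh
          name: ssh-known-hosts
        - mountPath: /app/config/tls
          name: tls-certs
      serviceAccountName: argocd-server
      volumes:
      # Declared but not mounted by the container above.
      - emptyDir: {}
        name: static-files
      - configMap:
          name: argocd-ssh-known-hosts-cm
        name: ssh-known-hosts
      - configMap:
          name: argocd-tls-certs-cm
        name: tls-certs
--------------------------------------------------------------------------------
/argocd/builds/base/build.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide OpenShift build configuration, synced by Argo CD.
# NOTE(review): the proxy hosts, env and label values look like samples.
# proxy.com and gitproxy.com are public domains; applied unchanged, these
# settings point build and git traffic at hosts outside your control, and
# httpProxy uses plain HTTP. Replace them with your own proxy endpoints
# before syncing.
apiVersion: config.openshift.io/v1
kind: Build
metadata:
  name: cluster
  annotations:
    # Argo CD will not delete this object if it disappears from Git.
    argocd.argoproj.io/sync-options: Prune=false
spec:
  buildDefaults:
    defaultProxy:
      httpProxy: http://proxy.com
      httpsProxy: https://proxy.com
      noProxy: internal.com
    env:
    - name: envkey
      value: envvalue
    gitProxy:
      httpProxy: http://gitproxy.com
      httpsProxy: https://gitproxy.com
      noProxy: internalgit.com
    imageLabels:
    - name: labelkey
      value: labelvalue
    resources:
      limits:
        cpu: 100m
        memory: 50Mi
      requests:
        cpu: 10m
        memory: 10Mi
  buildOverrides:
    imageLabels:
    - name: labelkey
      value: labelvalue
    nodeSelector:
      selectorkey: selectorvalue
    tolerations:
    - effect: NoSchedule
      key: node-role.kubernetes.io/builds


--------------------------------------------------------------------------------
/argocd/builds/base/kustomization.yaml:
--------------------------------------------------------------------------------
resources:
- build.yaml
--------------------------------------------------------------------------------
/argocd/builds/overlays/pre/build.yaml:
--------------------------------------------------------------------------------
---
# Strategic-merge patch for the pre-production overlay: sets the
# buildDefaults image label list on the base Build object.
apiVersion: config.openshift.io/v1
kind: Build
metadata:
  name: cluster
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
spec:
  buildDefaults:
    imageLabels:
    - name: preprodbuild
      value: "true"
--------------------------------------------------------------------------------
/argocd/builds/overlays/pre/kustomization.yaml: 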
--------------------------------------------------------------------------------
# Pre-production overlay: base Build config plus the local build.yaml patch.
bases:
- ../../base
patchesStrategicMerge:
- build.yaml
--------------------------------------------------------------------------------
/argocd/builds/overlays/pro/build.yaml:
--------------------------------------------------------------------------------
---
# Strategic-merge patch for the production overlay: sets the buildDefaults
# image label list on the base Build object.
apiVersion: config.openshift.io/v1
kind: Build
metadata:
  name: cluster
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
spec:
  buildDefaults:
    imageLabels:
    - name: prodbuild
      value: "true"
--------------------------------------------------------------------------------
/argocd/builds/overlays/pro/kustomization.yaml:
--------------------------------------------------------------------------------
# Production overlay: base Build config plus the local build.yaml patch.
bases:
- ../../base
patchesStrategicMerge:
- build.yaml
--------------------------------------------------------------------------------
/argocd/console/console.yaml:
--------------------------------------------------------------------------------
---
apiVersion: config.openshift.io/v1
kind: Console
metadata:
  name: cluster
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
spec:
  authentication:
    # Users are sent to this URL after logging out of the console. It looks
    # like a sample value; point it at a page your organisation controls
    # (normally the identity provider's logout endpoint).
    logoutRedirect: "https://google.com"
--------------------------------------------------------------------------------
/argocd/grafana-operator/grafana-operator.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: my-grafana-operator
---
# Limits the operator to watching its own namespace.
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: operatorgroup
  namespace: my-grafana-operator
spec:
  targetNamespaces:
  - my-grafana-operator
---
# Supply-chain note: this installs from the community-operators catalog on
# the alpha channel. No installPlanApproval is set, and OLM defaults to
# automatic approval, so new operator versions are installed as soon as the
# catalog publishes them. To review upgrades before they run, set
# installPlanApproval: Manual and pin a version with startingCSV.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: my-grafana-operator
  namespace: my-grafana-operator
spec:
  channel: alpha
  name: grafana-operator
  source: community-operators
  sourceNamespace: openshift-marketplace
--------------------------------------------------------------------------------
/argocd/identity-providers/htpass-secret.yaml:
--------------------------------------------------------------------------------
---
# SECURITY: credential material committed to Git. The value is base64, which
# is an encoding and not encryption; it decodes to an htpasswd entry for
# `user1` with a bcrypt hash ($2y$, cost 05). Anyone with read access to the
# repository can take the hash offline, and cost 05 is low for bcrypt.
# Treat this credential as exposed: rotate it, and deliver the Secret through
# an encrypted or external mechanism (sealed/encrypted secrets, an external
# secret store) instead of a plain manifest.
apiVersion: v1
data:
  htpasswd: dXNlcjE6JDJ5JDA1JFBqUWVqZ1VNMzU5LnJkOE5xQzlweXVHbk9JM3JrVWl4cWh2NDg4enJVNVJvaEhZa2dLWGFhCg==
kind: Secret
metadata:
  name: htpass-secret
  namespace: openshift-config
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
    argocd.argoproj.io/compare-options: IgnoreExtraneous
type: Opaque

--------------------------------------------------------------------------------
/argocd/identity-providers/oauth-htpasswd.yaml:
--------------------------------------------------------------------------------
---
# Cluster OAuth configuration: a single HTPasswd identity provider backed by
# the htpass-secret Secret. Everything that can change that Secret (including
# a commit to this repository, once Argo CD syncs it) controls who can log in.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
  annotations:
    argocd.argoproj.io/sync-options: Prune=false
spec:
  identityProviders:
  - name: my_identity_provider
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret
--------------------------------------------------------------------------------
/argocd/image/image.yaml:
--------------------------------------------------------------------------------
---
apiVersion: config.openshift.io/v1
kind: Image
metadata:
  annotations:
    release.openshift.io/create-only: "true"
  name: cluster
spec:
  # Restricts which registries normal users may import images from. It does
  # not restrict which registries workloads can pull from; that is governed
  # by spec.registrySources, which is not set here.
  allowedRegistriesForImport:
  - domainName: quay.io
    insecure: false
# status is maintained by the cluster; a value supplied in a manifest is not
# a configuration input.
status:
  internalRegistryHostname: image-registry.openshift-image-registry.svc:5000
--------------------------------------------------------------------------------
/argocd/machine-sets/machinesets.yaml: 
--------------------------------------------------------------------------------
# Adds three worker machines on AWS. Every identifier below (cluster infra ID
# dgoodwin-dev-t6drv, AMI, IAM instance profile, security-group and subnet
# tags) is specific to one cluster and must be replaced for any other.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
  labels:
    machine.openshift.io/cluster-api-cluster: dgoodwin-dev-t6drv
  name: dgoodwin-dev-t6drv-additional-compute
  namespace: openshift-machine-api
spec:
  replicas: 3
  selector:
    matchLabels:
      machine.openshift.io/cluster-api-cluster: dgoodwin-dev-t6drv
      machine.openshift.io/cluster-api-machine-role: worker
      machine.openshift.io/cluster-api-machine-type: worker
      # NOTE(review): this label names a different MachineSet
      # (...-worker-us-east-1f) than metadata.name (...-additional-compute).
      # If a MachineSet with that name exists, both would select the same
      # machines - confirm this is intended.
      machine.openshift.io/cluster-api-machineset: dgoodwin-dev-t6drv-worker-us-east-1f
  template:
    metadata:
      labels:
        machine.openshift.io/cluster-api-cluster: dgoodwin-dev-t6drv
        machine.openshift.io/cluster-api-machine-role: worker
        machine.openshift.io/cluster-api-machine-type: worker
        machine.openshift.io/cluster-api-machineset: dgoodwin-dev-t6drv-worker-us-east-1f
    spec:
      providerSpec:
        value:
          ami:
            id: ami-046fe691f52a953f9
          apiVersion: awsproviderconfig.openshift.io/v1beta1
          blockDevices:
          # No `encrypted` setting on the root volume: encryption at rest
          # then depends on the AWS account/region default - verify.
          - ebs:
              iops: 100
              volumeSize: 22
              volumeType: gp2
          # Referenced by name only; the Secret itself is not in this repo.
          credentialsSecret:
            name: aws-cloud-credentials
          deviceIndex: 0
          # The instance profile decides what AWS permissions every pod that
          # can reach the instance metadata service may obtain; keep it
          # minimal.
          iamInstanceProfile:
            id: dgoodwin-dev-t6drv-worker-profile
          instanceType: m4.large
          kind: AWSMachineProviderConfig
          placement:
            availabilityZone: us-east-1f
            region: us-east-1
          securityGroups:
          - filters:
            - name: tag:Name
              values:
              - dgoodwin-dev-t6drv-worker-sg
          subnet:
            filters:
            - name: tag:Name
              values:
              - dgoodwin-dev-t6drv-private-us-east-1f
          tags:
          - name: kubernetes.io/cluster/dgoodwin-dev-t6drv
            value: owned
          # Referenced by name only; the Secret itself is not in this repo.
          userDataSecret:
            name: worker-user-data
--------------------------------------------------------------------------------
/argocd/scheduler/scheduler-config.yaml: 
--------------------------------------------------------------------------------
---
# Scheduler policy in the legacy Policy format (predicates + priorities),
# stored as JSON under the policy.cfg key. This file only creates the
# ConfigMap; whatever makes the scheduler read it is not part of this file.
# NOTE(review): upstream Kubernetes later dropped the Policy format in favour
# of scheduler profiles - check that the target cluster version still
# honours it.
apiVersion: v1
kind: ConfigMap
metadata:
  name: policy-configmap
  namespace: openshift-config
data:
  policy.cfg: |
    {
      "kind" : "Policy",
      "apiVersion" : "v1",
      "predicates" : [
        {"name" : "MaxGCEPDVolumeCount"},
        {"name" : "GeneralPredicates"},
        {"name" : "MaxAzureDiskVolumeCount"},
        {"name" : "MaxCSIVolumeCountPred"},
        {"name" : "CheckVolumeBinding"},
        {"name" : "MaxEBSVolumeCount"},
        {"name" : "PodFitsResources"},
        {"name" : "MatchInterPodAffinity"},
        {"name" : "CheckNodeUnschedulable"},
        {"name" : "NoDiskConflict"},
        {"name" : "NoVolumeZoneConflict"},
        {"name" : "MatchNodeSelector"},
        {"name" : "HostName"},
        {"name" : "PodToleratesNodeTaints"}
      ],
      "priorities" : [
        {"name" : "LeastRequestedPriority", "weight" : 1},
        {"name" : "BalancedResourceAllocation", "weight" : 1},
        {"name" : "ServiceSpreadingPriority", "weight" : 1},
        {"name" : "NodePreferAvoidPodsPriority", "weight" : 1},
        {"name" : "NodeAffinityPriority", "weight" : 1},
        {"name" : "TaintTolerationPriority", "weight" : 1},
        {"name" : "ImageLocalityPriority", "weight" : 1},
        {"name" : "SelectorSpreadPriority", "weight" : 1},
        {"name" : "InterPodAffinityPriority", "weight" : 1},
        {"name" : "EqualPriority", "weight" : 1}
      ]
    }
--------------------------------------------------------------------------------