k8s-and-chill/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/version: v2.14.10
    helm.sh/chart: argo-cd-7.8.26
  name: argo-cd-argocd-repo-server
  namespace: argocd
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/instance: argo-cd
      app.kubernetes.io/name: argocd-repo-server
  template:
    metadata:
      annotations:
        checksum/cm: 9418e6a732d46889b3dd6d2ef98df03b3c37373394d36934944684afcf5aa6e4
        checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595
      labels:
        app.kubernetes.io/component: repo-server
        app.kubernetes.io/instance: argo-cd
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: argocd-repo-server
        app.kubernetes.io/part-of: argocd
        app.kubernetes.io/version: v2.14.10
        helm.sh/chart: argo-cd-7.8.26
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: argocd-repo-server
                topologyKey: kubernetes.io/hostname
              weight: 100
      automountServiceAccountToken: true
      containers:
        - args:
            - /usr/local/bin/argocd-repo-server
            - --port=8081
            - --metrics-port=8084
          env:
            - name: ARGOCD_REPO_SERVER_NAME
              value: argo-cd-argocd-repo-server
            - name: ARGOCD_RECONCILIATION_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  key: timeout.reconciliation
                  name: argocd-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LOGFORMAT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.log.format
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  key: reposerver.log.level
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.parallelism.limit
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.listen.address
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.metrics.listen.address
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_DISABLE_TLS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.disable.tls
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MIN_VERSION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.minversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MAX_VERSION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.maxversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_CIPHERS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.ciphers
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.repo.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_SERVER
              valueFrom:
                configMapKeyRef:
                  key: redis.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_COMPRESSION
              valueFrom:
                configMapKeyRef:
                  key: redis.compression
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDISDB
              valueFrom:
                configMapKeyRef:
                  key: redis.db
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_USERNAME
              valueFrom:
                secretKeyRef:
                  key: redis-username
                  name: argo-cd-argocd-redis
                  optional: true
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: auth
                  name: argocd-redis
                  optional: false
            - name: REDIS_SENTINEL_USERNAME
              valueFrom:
                secretKeyRef:
                  key: redis-sentinel-username
                  name: argo-cd-argocd-redis
                  optional: true
            - name: REDIS_SENTINEL_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: redis-sentinel-password
                  name: argo-cd-argocd-redis
                  optional: true
            - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.default.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
              valueFrom:
                configMapKeyRef:
                  key: otlp.address
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_OTLP_INSECURE
              valueFrom:
                configMapKeyRef:
                  key: otlp.insecure
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_OTLP_HEADERS
              valueFrom:
                configMapKeyRef:
                  key: otlp.headers
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.max.combined.directory.manifests.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.plugin.tar.exclusions
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.plugin.use.manifest.generate.paths
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.allow.oob.symlinks
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.streamed.manifest.max.tar.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.streamed.manifest.max.extracted.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.helm.manifest.max.extracted.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.disable.helm.manifest.max.extracted.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_GIT_MODULES_ENABLED
              valueFrom:
                configMapKeyRef:
                  key: reposerver.enable.git.submodule
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.git.lsremote.parallelism.limit
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_GIT_REQUEST_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.git.request.timeout
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.revision.cache.lock.timeout
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
              valueFrom:
                configMapKeyRef:
                  key: reposerver.include.hidden.directories
                  name: argocd-cmd-params-cm
                  optional: true
            - name: HELM_CACHE_HOME
              value: /helm-working-dir
            - name: HELM_CONFIG_HOME
              value: /helm-working-dir
            - name: HELM_DATA_HOME
              value: /helm-working-dir
          image: quay.io/argoproj/argocd:v2.14.10
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz?full=true
              port: metrics
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: repo-server
          ports:
            - containerPort: 8081
              name: repo-server
              protocol: TCP
            - containerPort: 8084
              name: metrics
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: metrics
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /app/config/ssh
              name: ssh-known-hosts
            - mountPath: /app/config/tls
              name: tls-certs
            - mountPath: /app/config/gpg/source
              name: gpg-keys
            - mountPath: /app/config/gpg/keys
              name: gpg-keyring
            - mountPath: /app/config/reposerver/tls
              name: argocd-repo-server-tls
            - mountPath: /helm-working-dir
              name: helm-working-dir
            - mountPath: /home/argocd/cmp-server/plugins
              name: plugins
            - mountPath: /tmp
              name: tmp
      dnsPolicy: ClusterFirst
      initContainers:
        - command:
            - /bin/cp
            - -n
            - /usr/local/bin/argocd
            - /var/run/argocd/argocd-cmp-server
          image: quay.io/argoproj/argocd:v2.14.10
          imagePullPolicy: IfNotPresent
          name: copyutil
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /var/run/argocd
              name: var-files
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: argo-cd-argocd-repo-server
      terminationGracePeriodSeconds: 30
      volumes:
        - emptyDir: {}
          name: helm-working-dir
        - emptyDir: {}
          name: plugins
        - emptyDir: {}
          name: var-files
        - emptyDir: {}
          name: tmp
        - configMap:
            name: argocd-ssh-known-hosts-cm
          name: ssh-known-hosts
        - configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        - configMap:
            name: argocd-gpg-keys-cm
          name: gpg-keys
        - emptyDir: {}
          name: gpg-keyring
        - name: argocd-repo-server-tls
          secret:
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
              - key: ca.crt
                path: ca.crt
            optional: true
            secretName: argocd-repo-server-tls