acr v1

Dockerfile

@@ -136,6 +136,7 @@ USER root
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
     ln -s /usr/local/bin/argocd /usr/local/bin/event-reporter-server && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-change-revision-controller  && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \

acr_controller/application/client.go

@@ -2,6 +2,7 @@ package application_change_revision_controller
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	appclient "github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
@@ -41,6 +42,10 @@ func NewHttpApplicationClient(token string, address string, rootpath string) App
 	return &httpApplicationClient{
 		httpClient: &http.Client{
 			Timeout: 30 * time.Second,
+			Transport: &http.Transport{
+				// Support for insecure connections
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			},
 		},
 		baseUrl:  address,
 		token:    token,

cmd/application-change-revision-controller/commands/application_change_revision_controller.go

@@ -49,7 +49,6 @@ func getApplicationClient(address, token string, path string) appclient.Applicat
 func NewCommand() *cobra.Command {
 	var (
 		redisClient              *redis.Client
-		insecure                 bool
 		listenHost               string
 		listenPort               int
 		glogLevel                int
@@ -138,7 +137,6 @@ func NewCommand() *cobra.Command {
 
 	clientConfig = cli.AddKubectlFlagsToCmd(command)
 	command.Flags().StringVar(&rootpath, "argocd-server-path", env.StringFromEnv("ARGOCD_SERVER_ROOTPATH", ""), "Used if Argo CD is running behind reverse proxy under subpath different from /")
-	command.Flags().BoolVar(&insecure, "insecure", env.ParseBoolFromEnv("ACR_CONTROLLER_INSECURE", false), "Run server without TLS")
 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ACR_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
 	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ACR_CONTROLLER_LOG_LEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().IntVar(&glogLevel, "gloglevel", 0, "Set the glog logging level")

manifests/base/acr-controller/acr-controller-deployment.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: acr-controller
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: acr-controller
+  name: acr-controller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: acr-controller
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: acr-controller
+    spec:
+      serviceAccountName: acr-controller
+      containers:
+        - name: acr-controller
+          image: quay.io/argoproj/argocd:latest
+          imagePullPolicy: Always
+          args:
+            - /usr/local/bin/argocd-application-change-revision-controller
+          env:
+            - name: ARGOCD_SERVER
+              value: "http://argocd-server:80"
+            - name: ARGOCD_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: token
+                  name: argocd-token
+            - name: ARGOCD_APPLICATION_NAMESPACES
+              valueFrom:
+                configMapKeyRef:
+                  name: argocd-cmd-params-cm
+                  key: application.namespaces
+                  optional: true
+            - name: ACR_CONTROLLER_LOGFORMAT
+              valueFrom:
+                configMapKeyRef:
+                  name: argocd-cmd-params-cm
+                  key: acr.log.format
+                  optional: true
+            - name: ACR_CONTROLLER_LOG_LEVEL
+              valueFrom:
+                configMapKeyRef:
+                  name: argocd-cmd-params-cm
+                  key: acr.log.level
+                  optional: true
+            - name: ACR_CONTROLLER_LISTEN_ADDRESS
+              valueFrom:
+                configMapKeyRef:
+                  name: argocd-cmd-params-cm
+                  key: acr.listen.address
+                  optional: true
+          ports:
+            - containerPort: 8090
+              name: health
+          livenessProbe:
+            httpGet:
+              path: /healthz?full=true
+              port: health
+            initialDelaySeconds: 3
+            periodSeconds: 30
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: health
+            initialDelaySeconds: 3
+            periodSeconds: 30
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault

manifests/base/acr-controller/acr-controller-role.yaml

@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: acr-controller
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: acr-controller
+  name: acr-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - argoproj.io
+  resources:
+  - applications
+  - appprojects
+  - applicationsets
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - delete
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - list

manifests/base/acr-controller/acr-controller-rolebinding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: acr-controller
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: acr-controller
+  name: acr-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: acr-controller
+subjects:
+- kind: ServiceAccount
+  name: acr-controller

manifests/base/acr-controller/acr-controller-sa.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: acr-controller
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: acr-controller
+  name: acr-controller

manifests/base/acr-controller/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- acr-controller-deployment.yaml
+- acr-controller-role.yaml
+- acr-controller-rolebinding.yaml
+- acr-controller-sa.yaml