diff --git a/Dockerfile b/Dockerfile
index ac7737b683aad..5cbb77216d0a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -136,6 +136,7 @@ USER root
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
 ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
 ln -s /usr/local/bin/argocd /usr/local/bin/event-reporter-server && \
+ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-change-revision-controller && \
 ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \
 ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
 ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
diff --git a/acr_controller/application/client.go b/acr_controller/application/client.go
index fe276fcff4399..e9c9e51441ffa 100644
--- a/acr_controller/application/client.go
+++ b/acr_controller/application/client.go
@@ -2,6 +2,7 @@ package application_change_revision_controller
 import (
 "context"
+ "crypto/tls"
 "encoding/json"
 "fmt"
 appclient "github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
@@ -41,6 +42,10 @@ func NewHttpApplicationClient(token string, address string, rootpath string) App
 return &httpApplicationClient{
 httpClient: &http.Client{
 Timeout: 30 * time.Second,
+ Transport: &http.Transport{
+ // Support for insecure connections
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ },
 },
 baseUrl: address,
 token: token,
diff --git a/cmd/application-change-revision-controller/commands/application_change_revision_controller.go b/cmd/application-change-revision-controller/commands/application_change_revision_controller.go
index e5f355bea8667..595db4b9d5b4e 100644
--- a/cmd/application-change-revision-controller/commands/application_change_revision_controller.go
+++ b/cmd/application-change-revision-controller/commands/application_change_revision_controller.go
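Review bot: `InsecureSkipVerify: true` in the second client.go hunk is hard-coded, so every connection made by the client that NewHttpApplicationClient returns skips certificate and hostname verification, and the `token` it is given (presumably sent as the API credential) can be handed to any peer that answers on that address. Nothing visible in the commit lets an operator turn verification back on; the same commit removes the `--insecure` flag and `ACR_CONTROLLER_INSECURE` from the command. Verification should be on by default, with the skip behind an explicit option and a configurable CA bundle for self-signed deployments. A bare `&http.Transport{}` also drops the `http.DefaultTransport` settings (proxy from the environment, dial and handshake timeouts), so the sketch below clones the default transport instead. The function body continues outside the hunk, and `insecure` stands for a new option the caller would have to supply.

```go
// … unchanged: NewHttpApplicationClient signature …
	transport := http.DefaultTransport.(*http.Transport).Clone()
	transport.TLSClientConfig = &tls.Config{
		MinVersion: tls.VersionTLS12,
		// Verification stays on unless the operator explicitly opts out.
		InsecureSkipVerify: insecure,
	}
	return &httpApplicationClient{
		httpClient: &http.Client{
			Timeout:   30 * time.Second,
			Transport: transport,
		},
		// … unchanged: baseUrl, token and the remaining fields …
```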
@@ -49,7 +49,6 @@ func getApplicationClient(address, token string, path string) appclient.Applicat
 func NewCommand() *cobra.Command {
 var (
 redisClient *redis.Client
- insecure bool
 listenHost string
 listenPort int
 glogLevel int
@@ -138,7 +137,6 @@ func NewCommand() *cobra.Command {
 clientConfig = cli.AddKubectlFlagsToCmd(command)
 command.Flags().StringVar(&rootpath, "argocd-server-path", env.StringFromEnv("ARGOCD_SERVER_ROOTPATH", ""), "Used if Argo CD is running behind reverse proxy under subpath different from /")
- command.Flags().BoolVar(&insecure, "insecure", env.ParseBoolFromEnv("ACR_CONTROLLER_INSECURE", false), "Run server without TLS")
 command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ACR_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
 command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ACR_CONTROLLER_LOG_LEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
 command.Flags().IntVar(&glogLevel, "gloglevel", 0, "Set the glog logging level")
diff --git a/manifests/base/acr-controller/acr-controller-deployment.yaml b/manifests/base/acr-controller/acr-controller-deployment.yaml
new file mode 100644
index 0000000000000..baf85faaf85df
--- /dev/null
+++ b/manifests/base/acr-controller/acr-controller-deployment.yaml
@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: acr-controller
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/component: acr-controller
+ name: acr-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: acr-controller
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: acr-controller
+ spec:
+ serviceAccountName: acr-controller
+ containers:
+ - name: acr-controller
+ image: quay.io/argoproj/argocd:latest
+ imagePullPolicy: Always
+ args:
+ - /usr/local/bin/argocd-application-change-revision-controller
+ env:
+ - name: ARGOCD_SERVER
+ value: "http://argocd-server:80"
+ - name: ARGOCD_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: token
+ name: argocd-token
+ - name: ARGOCD_APPLICATION_NAMESPACES
+ valueFrom:
+ configMapKeyRef:
+ name: argocd-cmd-params-cm
+ key: application.namespaces
+ optional: true
+ - name: ACR_CONTROLLER_LOGFORMAT
+ valueFrom:
+ configMapKeyRef:
+ name: argocd-cmd-params-cm
+ key: acr.log.format
+ optional: true
+ - name: ACR_CONTROLLER_LOG_LEVEL
+ valueFrom:
+ configMapKeyRef:
+ name: argocd-cmd-params-cm
+ key: acr.log.level
+ optional: true
+ - name: ACR_CONTROLLER_LISTEN_ADDRESS
+ valueFrom:
+ configMapKeyRef:
+ name: argocd-cmd-params-cm
+ key: acr.listen.address
+ optional: true
+ ports:
+ - containerPort: 8090
+ name: health
+ livenessProbe:
+ httpGet:
+ path: /healthz?full=true
+ port: health
+ initialDelaySeconds: 3
+ periodSeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: health
+ initialDelaySeconds: 3
+ periodSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/manifests/base/acr-controller/acr-controller-role.yaml b/manifests/base/acr-controller/acr-controller-role.yaml
new file mode 100644
index 0000000000000..3a1e1991680e7
--- /dev/null
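Review bot: `ARGOCD_SERVER` defaults to `http://argocd-server:80` while `ARGOCD_TOKEN` is injected from the `argocd-token` secret, so if the controller attaches that token to its API calls (not visible in this file) the credential leaves the pod over plain HTTP. Pointing the default at the TLS listener, `value: "https://argocd-server:443"`, with the server certificate verified by the client, keeps it off the wire in clear. The container also declares no `resources` requests or limits. `image: quay.io/argoproj/argocd:latest` with `imagePullPolicy: Always` is a mutable reference, so overlays that deploy this base should pin a version tag or digest.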
+++ b/manifests/base/acr-controller/acr-controller-role.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/name: acr-controller
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/component: acr-controller
+ name: acr-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - argoproj.io
+ resources:
+ - applications
+ - appprojects
+ - applicationsets
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - list
diff --git a/manifests/base/acr-controller/acr-controller-rolebinding.yaml b/manifests/base/acr-controller/acr-controller-rolebinding.yaml
new file mode 100644
index 0000000000000..e70280a6bc3f9
--- /dev/null
+++ b/manifests/base/acr-controller/acr-controller-rolebinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: acr-controller
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/component: acr-controller
+ name: acr-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: acr-controller
+subjects:
+- kind: ServiceAccount
+ name: acr-controller
diff --git a/manifests/base/acr-controller/acr-controller-sa.yaml b/manifests/base/acr-controller/acr-controller-sa.yaml
new file mode 100644
index 0000000000000..0042922267f34
--- /dev/null
+++ b/manifests/base/acr-controller/acr-controller-sa.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/name: acr-controller
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/component: acr-controller
+ name: acr-controller
diff --git a/manifests/base/acr-controller/kustomization.yaml b/manifests/base/acr-controller/kustomization.yaml
new file mode 100644
index 0000000000000..93d7ff439875f
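Review bot: The `acr-controller` Role grants create, update, patch and delete on `secrets` and `configmaps`, and the same write verbs on `applications`, `appprojects` and `applicationsets`, which looks far wider than a change-revision controller should need. Anyone who gains code execution in this pod could read and rewrite every secret in the namespace and alter any Application or AppProject. The verbs the code actually uses cannot be confirmed from this diff, but the rules should start read-only and add only what is called, for example `verbs: [get, list, watch]` on `secrets` and `configmaps`, plus `patch` on `applications` if the controller writes revision data back. A comment above each rule stating why it is needed, with wording confirmed against the controller code, would make later audits easier.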
--- /dev/null
+++ b/manifests/base/acr-controller/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- acr-controller-deployment.yaml
+- acr-controller-role.yaml
+- acr-controller-rolebinding.yaml
+- acr-controller-sa.yaml