Argo CD applications, projects and settings can be defined declaratively using Kubernetes manifests. These can be updated using kubectl apply, without needing to touch the argocd command-line tool.

Quick Reference

All resources, including Application and AppProject specs, have to be installed in the Argo CD namespace (by default argocd).

- User Passwords, Certificates (deprecated), Signing Key, Dex secrets, Webhook secrets
- Custom TLS certificates for connecting Git repositories via HTTPS (v1.2 and later)
- SSH known hosts data for connecting Git repositories via SSH (v1.2 and later)
- my-private-repo / istio-helm-repo / private-helm-repo / private-repo
- argoproj-https-creds / argoproj-ssh-creds / github-creds / github-enterprise-creds

For each specific kind of ConfigMap and Secret resource, there is only a single supported resource name (as listed in the above table) - if you need to merge things you need to do it before creating them.

Be sure to annotate your ConfigMap resources using the label /part-of: argocd, otherwise Argo CD will not be able to use them.

Multiple configuration objects

For Application and AppProject resources, the name of the resource equals the name of the application or project within Argo CD. This also means that application and project names are unique within a given Argo CD installation - you cannot have the same application name for two different applications.

The Application CRD is the Kubernetes resource object representing a deployed application instance. It is defined by two key pieces of information:

- source reference to the desired state in Git (repository, revision, path, environment).
- destination reference to the target cluster and namespace. For the cluster one of server or name can be used, but not both (which will result in an error). Under the hood when the server is missing, it is calculated based on the name and used for any operations.

A minimal Application spec is as follows:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-project
  namespace: argocd
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    -
spec:
  description: Example Project
  # Allow manifests to deploy from any Git repos
  sourceRepos:
    - '*'
  # Only permit applications to deploy to the guestbook namespace in the same cluster
  destinations:
    - namespace: guestbook
      server:
  # Deny all cluster-scoped resources from being created, except for Namespace
  clusterResourceWhitelist:
    - group: ''
      kind: Namespace
  # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
  namespaceResourceBlacklist:
    - group: ''
      kind: ResourceQuota
    - group: ''
      kind: LimitRange
    - group: ''
      kind: NetworkPolicy
  # Deny all namespaced-scoped resources from being created, except for Deployment and StatefulSet
  namespaceResourceWhitelist:
    - group: 'apps'
      kind: Deployment
    - group: 'apps'
      kind: StatefulSet
  roles:
    # A role which provides read-only access to all applications in the project
    - name: read-only
      description: Read-only privileges to my-project
      policies:
        - p, proj:my-project:read-only, applications, get, my-project/*, allow
      groups:
        - my-oidc-group
    # A role which provides sync privileges to only the guestbook-dev application, e.g. to provide
    # sync privileges to a CI system
    - name: ci-role
      description: Sync privileges for guestbook-dev
      policies:
        - p, proj:my-project:ci-role, applications, sync, my-project/guestbook-dev, allow
      # NOTE: JWT tokens can only be generated by the API server and the token is not persisted
      # anywhere by Argo CD.
```
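A pre-merge lint for the AppProject manifest above, as an added example that is not part of the original page or of Argo CD: it parses each role's `p, subject, resource, action, object, effect` policy line and reports grants broader than the role needs. The function names, the rule set (treating only `get` as read-only) and the `LOOSE_ROLE` sample are assumptions of this example.

```python
# Added example: least-privilege lint for an AppProject spec (not Argo CD code).
# SAMPLE mirrors the page's my-project manifest as a dict; LOOSE_ROLE is constructed.
READ_ONLY_ACTIONS = {"get"}  # assumption: only "get" is treated as read-only

def parse_policy(line):
    """Split 'p, subject, resource, action, object, effect' into a dict."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6 or parts[0] != "p":
        raise ValueError(f"malformed policy: {line!r}")
    return dict(zip(("subject", "resource", "action", "object", "effect"), parts[1:]))

def audit_project(project):
    """Return a list of findings for broad grants in an AppProject dict."""
    name, spec, findings = project["metadata"]["name"], project["spec"], []
    if "*" in spec.get("sourceRepos", []):
        findings.append("sourceRepos: '*' allows manifests from any Git repo")
    for d in spec.get("destinations", []):
        if "*" in (d.get("namespace"), d.get("server"), d.get("name")):
            findings.append(f"destinations: wildcard in {d}")
    for role in spec.get("roles", []):
        expected = f"proj:{name}:{role['name']}"
        for line in role.get("policies", []):
            pol = parse_policy(line)
            if pol["subject"] != expected:
                findings.append(f"{role['name']}: subject {pol['subject']!r} != {expected!r}")
            if not pol["object"].startswith(name + "/"):
                findings.append(f"{role['name']}: object {pol['object']!r} outside project")
            broad = "*" in pol["action"] or "*" in pol["object"]
            if pol["effect"] == "allow" and broad and pol["action"] not in READ_ONLY_ACTIONS:
                findings.append(f"{role['name']}: wildcard write grant {line!r}")
    return findings

SAMPLE = {
    "metadata": {"name": "my-project"},
    "spec": {
        "sourceRepos": ["*"],
        "destinations": [{"namespace": "guestbook"}],  # server omitted, as on the page
        "roles": [
            {"name": "read-only", "policies": [
                "p, proj:my-project:read-only, applications, get, my-project/*, allow"]},
            {"name": "ci-role", "policies": [
                "p, proj:my-project:ci-role, applications, sync, my-project/guestbook-dev, allow"]},
        ],
    },
}
LOOSE_ROLE = {"name": "ci-role", "policies": [  # constructed over-broad variant
    "p, proj:my-project:ci-role, applications, *, my-project/*, allow"]}

if __name__ == "__main__":
    print("\n".join(audit_project(SAMPLE)))
```

On the page's manifest the only finding is the wildcard `sourceRepos`; the two roles pass because `read-only` is limited to `get` and `ci-role` names a single application.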