GitBucket
Newer
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: dex-server
name: argocd-dex-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-dex-server
spec:
serviceAccountName: argocd-dex-server
initContainers:
- name: copyutil
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
command: [/bin/cp, -n, /usr/local/bin/argocd, /shared/argocd-dex]
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: dex
image: ghcr.io/dexidp/dex:v2.37.0
imagePullPolicy: Always
command: [/shared/argocd-dex, rundex]
env:
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: dexserver.disable.tls
optional: true
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
ports:
- containerPort: 5556
- containerPort: 5557
- containerPort: 5558
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
- mountPath: /tls
name: argocd-dex-server-tls
volumes:
- emptyDir: {}
name: static-files
- emptyDir: {}
name: dexconfig
- name: argocd-dex-server-tls
secret:
secretName: argocd-dex-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 5
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname