数据结构
简要概述
TODO;
基于 “github.com/argoproj/argo-cd” “v2.11.3” 版本分析。
资源 argocd-cm 结构
util/settings/settings.go
配置示例
# Minimal argocd-cm example: the external URL plus one Dex connector.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cm
data:
  # External URL of Argo CD. ArgoCDSettings.URL documents it as the value used
  # when configuring SSO; omitting it disables SSO.
  # NOTE(review): this example uses plain http://. Prefer an https:// URL so the
  # SSO redirects built from this value are not carried in clear text.
  url: http://cd.dev.k8s.173ops.com
  # Dex configuration, stored as a YAML string (block scalar) and copied
  # verbatim into ArgoCDSettings.DexConfig by updateSettingsFromConfigMap.
  dex.config: |
    connectors:
    - type: github
      id: github
该 ConfigMap 资源可配置的所有属性见 updateSettingsFromConfigMap 列表,完整示例见 argocd-cm.yaml
updateSettingsFromConfigMap
// Keys and fixed names used by the settings package. Most constants are the
// NAME of an entry (for example an argocd-cm data key read by
// updateSettingsFromConfigMap), not the value stored under it. The exceptions
// are called out below: secret names, a label selector, a length and the two
// RespectRBACValue* values.
const (
	// settingServerSignatureKey designates the key for a server secret key inside a Kubernetes secret.
	// ArgoCDSettings.ServerSignature describes the value as the key used to generate JWT tokens.
	settingServerSignatureKey = "server.secretkey"
	// gaTrackingID holds Google Analytics tracking id
	gaTrackingID = "ga.trackingid"
	// helpChatURL is the key of the URL for getting chat help, this will typically be your Slack channel for support
	helpChatURL = "help.chatUrl"
	// helpChatText is the key of the text for getting chat help, defaults to "Chat now!"
	helpChatText = "help.chatText"
	// gaAnonymizeUsers specifies if user ids should be anonymized (hashed) before sending to Google Analytics. True unless value is set to 'false'
	gaAnonymizeUsers = "ga.anonymizeusers"
	// settingServerCertificate designates the key for the public cert used in TLS
	settingServerCertificate = "tls.crt"
	// settingServerPrivateKey designates the key for the private key used in TLS
	settingServerPrivateKey = "tls.key"
	// settingURLKey designates the key where Argo CD's external URL is set
	settingURLKey = "url"
	// repositoriesKey designates the key where ArgoCDs repositories list is set
	repositoriesKey = "repositories"
	// repositoryCredentialsKey designates the key where ArgoCDs repositories credentials list is set
	repositoryCredentialsKey = "repository.credentials"
	// helmRepositoriesKey designates the key where list of helm repositories is set
	helmRepositoriesKey = "helm.repositories"
	// settingDexConfigKey designates the key for the dex config
	settingDexConfigKey = "dex.config"
	// settingsOIDCConfigKey designates the key for OIDC config
	settingsOIDCConfigKey = "oidc.config"
	// statusBadgeEnabledKey holds the key which enables or disables status badge feature
	statusBadgeEnabledKey = "statusbadge.enabled"
	// statusBadgeRootUrlKey holds the key for the root badge URL override
	statusBadgeRootUrlKey = "statusbadge.url"

	// Webhook credentials. The constants below only name the entries; none of them
	// is read by updateSettingsFromConfigMap.
	// NOTE(review): presumably the values live in argocd-secret rather than in
	// argocd-cm - confirm against the secret loader, which is not shown here.

	// settingsWebhookGitHubSecretKey is the key for the GitHub shared webhook secret
	settingsWebhookGitHubSecretKey = "webhook.github.secret"
	// settingsWebhookGitLabSecretKey is the key for the GitLab shared webhook secret
	settingsWebhookGitLabSecretKey = "webhook.gitlab.secret"
	// settingsWebhookBitbucketUUIDKey is the key for Bitbucket webhook UUID
	settingsWebhookBitbucketUUIDKey = "webhook.bitbucket.uuid"
	// settingsWebhookBitbucketServerSecretKey is the key for BitbucketServer webhook secret
	settingsWebhookBitbucketServerSecretKey = "webhook.bitbucketserver.secret"
	// settingsWebhookGogsSecretKey is the key for Gogs webhook secret
	settingsWebhookGogsSecretKey = "webhook.gogs.secret"
	// settingsWebhookAzureDevOpsUsernameKey is the key for Azure DevOps webhook username
	settingsWebhookAzureDevOpsUsernameKey = "webhook.azuredevops.username"
	// settingsWebhookAzureDevOpsPasswordKey is the key for Azure DevOps webhook password
	settingsWebhookAzureDevOpsPasswordKey = "webhook.azuredevops.password"

	// settingsApplicationInstanceLabelKey is the key to configure injected app instance label key
	settingsApplicationInstanceLabelKey = "application.instanceLabelKey"
	// settingsResourceTrackingMethodKey is the key to configure tracking method for application resources
	settingsResourceTrackingMethodKey = "application.resourceTrackingMethod"
	// resourceCustomizationsKey is the key to the map of resource overrides
	resourceCustomizationsKey = "resource.customizations"
	// resourceExclusionsKey is the key to the list of excluded resources
	resourceExclusionsKey = "resource.exclusions"
	// resourceInclusionsKey is the key to the list of explicitly watched resources
	resourceInclusionsKey = "resource.inclusions"
	// resourceIgnoreResourceUpdatesEnabledKey is the key to a boolean determining whether the resourceIgnoreUpdates feature is enabled
	resourceIgnoreResourceUpdatesEnabledKey = "resource.ignoreResourceUpdatesEnabled"
	// resourceCustomLabelsKey is the key to a custom label to show in node info, if present
	resourceCustomLabelsKey = "resource.customLabels"
	// kustomizeBuildOptionsKey is a string of kustomize build parameters
	kustomizeBuildOptionsKey = "kustomize.buildOptions"
	// kustomizeVersionKeyPrefix is a kustomize version key prefix
	kustomizeVersionKeyPrefix = "kustomize.version"
	// kustomizePathPrefixKey is a kustomize path for a specific version
	kustomizePathPrefixKey = "kustomize.path"
	// anonymousUserEnabledKey is the key which enables or disables anonymous user.
	// updateSettingsFromConfigMap enables it only when the value is exactly "true".
	anonymousUserEnabledKey = "users.anonymous.enabled"
	// userSessionDurationKey is the key which specifies token expiration duration.
	// updateSettingsFromConfigMap falls back to 24 hours when the key is absent or cannot be parsed.
	userSessionDurationKey = "users.session.duration"
	// resourceCompareOptionsKey is the key where diff options are configured
	resourceCompareOptionsKey = "resource.compareoptions"
	// settingUiCssURLKey designates the key for user-defined CSS URL for UI customization
	settingUiCssURLKey = "ui.cssurl"
	// settingUiBannerContentKey designates the key for content of user-defined info banner for UI
	settingUiBannerContentKey = "ui.bannercontent"
	// settingUiBannerURLKey designates the key for the link for user-defined info banner for UI
	settingUiBannerURLKey = "ui.bannerurl"
	// settingUiBannerPermanentKey designates the key for whether the banner is permanent and not closeable
	settingUiBannerPermanentKey = "ui.bannerpermanent"
	// settingUiBannerPositionKey designates the key for the position of the banner
	settingUiBannerPositionKey = "ui.bannerposition"
	// settingsBinaryUrlsKey designates the key for the argocd binary URLs
	settingsBinaryUrlsKey = "help.download"
	// globalProjectsKey designates the key for global project settings
	globalProjectsKey = "globalProjects"
	// initialPasswordSecretName is the name of the secret that will hold the initial admin password
	// (a Kubernetes object name, not a data key).
	initialPasswordSecretName = "argocd-initial-admin-secret"
	// initialPasswordSecretField is the name of the field in initialPasswordSecretName to store the password
	initialPasswordSecretField = "password"
	// initialPasswordLength defines the length of the generated initial password
	initialPasswordLength = 16
	// externalServerTLSSecretName defines the name of the external secret holding the server's TLS certificate
	externalServerTLSSecretName = "argocd-server-tls"
	// partOfArgoCDSelector holds label selector that should be applied to config maps and secrets used to manage Argo CD
	partOfArgoCDSelector = "app.kubernetes.io/part-of=argocd"
	// settingsPasswordPatternKey is the key to configure user password regular expression.
	// An empty value makes updateSettingsFromConfigMap use common.PasswordPatten.
	settingsPasswordPatternKey = "passwordPattern"
	// inClusterEnabledKey is the key to configure whether to allow in-cluster server address.
	// updateSettingsFromConfigMap disables it only when the value is exactly "false";
	// a missing key or any other value leaves it enabled.
	inClusterEnabledKey = "cluster.inClusterEnabled"
	// settingsServerRBACLogEnforceEnableKey is the key to configure whether logs RBAC enforcement is enabled.
	// updateSettingsFromConfigMap turns enforcement on only when the value is exactly "true".
	settingsServerRBACLogEnforceEnableKey = "server.rbac.log.enforce.enable"
	// settingsMaxPodLogsToRender is the key for the maximum number of pod logs to render
	settingsMaxPodLogsToRender = "server.maxPodLogsToRender"
	// helmValuesFileSchemesKey is the key to configure the list of supported helm values file schemas
	helmValuesFileSchemesKey = "helm.valuesFileSchemes"
	// execEnabledKey is the key to configure whether the UI exec feature is enabled.
	// updateSettingsFromConfigMap enables exec only when the value is exactly "true".
	execEnabledKey = "exec.enabled"
	// execShellsKey is the key to configure which shells are allowed for `exec` and in what order they are tried
	execShellsKey = "exec.shells"
	// oidcTLSInsecureSkipVerifyKey is the key to configure whether TLS cert verification is skipped for OIDC connections.
	// Only the exact value "true" turns verification off; see the warning on
	// ArgoCDSettings.OIDCTLSInsecureSkipVerify before setting it.
	oidcTLSInsecureSkipVerifyKey = "oidc.tls.insecure.skip.verify"
	// ApplicationDeepLinks is the application deep link key
	ApplicationDeepLinks = "application.links"
	// ProjectDeepLinks is the project deep link key
	ProjectDeepLinks = "project.links"
	// ResourceDeepLinks is the resource deep link key
	ResourceDeepLinks = "resource.links"
	// extensionConfig is the key whose value updateSettingsFromConfigMap copies into ArgoCDSettings.ExtensionConfig
	extensionConfig = "extension.config"
	// RespectRBAC is the key to configure argocd to respect rbac while watching for resources
	RespectRBAC = "resource.respectRBAC"
	// RespectRBACValueStrict and RespectRBACValueNormal are values, not keys.
	// NOTE(review): presumably the two accepted settings for RespectRBAC - confirm against the code that reads it.
	RespectRBACValueStrict = "strict"
	RespectRBACValueNormal = "normal"
)
将 ConfigMap 资源转换为 ArgoCDSettings 数据结构的方法:
// updateSettingsFromConfigMap transfers settings from a Kubernetes configmap into an ArgoCDSettings struct.
//
// Every value comes from argoCDCM.Data. Nothing here returns an error: a value
// that fails validation or parsing is reported with log.Warnf and loading
// continues. Points worth knowing when reviewing a deployment:
//   - boolean switches are exact string matches; AnonymousUserEnabled,
//     ExecEnabled, OIDCTLSInsecureSkipVerify, StatusBadgeEnabled,
//     UiBannerPermanent and ServerRBACLogEnforceEnable are on only for "true";
//   - InClusterEnabled is the inverse: it is on unless the value is "false";
//   - URL and UiBannerURL are stored even when validateExternalURL rejects
//     them, so the warning in the log is the only signal of a bad value.
func updateSettingsFromConfigMap(settings *ArgoCDSettings, argoCDCM *apiv1.ConfigMap) {
	// value returns the raw string stored under key ("" when the key is absent).
	value := func(key string) string { return argoCDCM.Data[key] }
	// isTrue is an exact match on "true"; a missing key or any other spelling is false.
	isTrue := func(key string) bool { return argoCDCM.Data[key] == "true" }

	settings.DexConfig = value(settingDexConfigKey)
	settings.OIDCConfigRAW = value(settingsOIDCConfigKey)
	settings.KustomizeBuildOptions = value(kustomizeBuildOptionsKey)
	settings.StatusBadgeEnabled = isTrue(statusBadgeEnabledKey)
	settings.StatusBadgeRootUrl = value(statusBadgeRootUrlKey)
	settings.AnonymousUserEnabled = isTrue(anonymousUserEnabledKey)
	settings.UiCssURL = value(settingUiCssURLKey)
	settings.UiBannerContent = value(settingUiBannerContentKey)
	settings.UiBannerPermanent = isTrue(settingUiBannerPermanentKey)
	settings.UiBannerPosition = value(settingUiBannerPositionKey)
	settings.ServerRBACLogEnforceEnable = isTrue(settingsServerRBACLogEnforceEnableKey)
	settings.BinaryUrls = getDownloadBinaryUrlsFromConfigMap(argoCDCM)

	// The external URL is validated for the log only; it is assigned either way.
	externalURL := value(settingURLKey)
	if err := validateExternalURL(externalURL); err != nil {
		log.Warnf("Failed to validate URL in configmap: %v", err)
	}
	settings.URL = externalURL

	// Same pattern for the banner link: warn, then keep the configured value.
	bannerURL := value(settingUiBannerURLKey)
	if err := validateExternalURL(bannerURL); err != nil {
		log.Warnf("Failed to validate UI banner URL in configmap: %v", err)
	}
	settings.UiBannerURL = bannerURL

	// Sessions last 24 hours unless a parsable duration is configured.
	settings.UserSessionDuration = 24 * time.Hour
	if raw, found := argoCDCM.Data[userSessionDurationKey]; found {
		parsed, err := timeutil.ParseDuration(raw)
		if err == nil {
			settings.UserSessionDuration = *parsed
		} else {
			log.Warnf("Failed to parse '%s' key: %v", userSessionDurationKey, err)
		}
	}

	// An empty pattern falls back to the project-wide default.
	if pattern := value(settingsPasswordPatternKey); pattern != "" {
		settings.PasswordPattern = pattern
	} else {
		settings.PasswordPattern = common.PasswordPatten
	}

	// MaxPodLogsToRender is left untouched when the key is absent or not a base-10 int64.
	if raw, found := argoCDCM.Data[settingsMaxPodLogsToRender]; found {
		limit, err := strconv.ParseInt(raw, 10, 64)
		if err == nil {
			settings.MaxPodLogsToRender = limit
		} else {
			log.Warnf("Failed to parse '%s' key: %v", settingsMaxPodLogsToRender, err)
		}
	}

	settings.InClusterEnabled = value(inClusterEnabledKey) != "false"
	settings.ExecEnabled = isTrue(execEnabledKey)

	// Fall back to default. If you change this list, also change docs/operator-manual/argocd-cm.yaml.
	settings.ExecShells = []string{"bash", "sh", "powershell", "cmd"}
	if shells := value(execShellsKey); shells != "" {
		// The list is split on "," as-is; entries are not trimmed.
		settings.ExecShells = strings.Split(shells, ",")
	}

	settings.TrackingMethod = value(settingsResourceTrackingMethodKey)
	settings.OIDCTLSInsecureSkipVerify = isTrue(oidcTLSInsecureSkipVerifyKey)
	settings.ExtensionConfig = value(extensionConfig)
}
ArgoCDSettings
// ArgoCDSettings holds in-memory runtime configuration options.
//
// NOTE(review): several credential fields below (ServerSignature, the Webhook*
// secrets, Secrets) carry ordinary JSON tags, unlike Certificate which is
// tagged `json:"-"`. Marshalling the whole struct would therefore include
// them; confirm that callers never serialize it into logs or API responses.
type ArgoCDSettings struct {
	// URL is the externally facing URL users will visit to reach Argo CD.
	// The value here is used when configuring SSO. Omitting this value will disable SSO.
	URL string `json:"url,omitempty"`
	// Indicates if status badge is enabled or not.
	StatusBadgeEnabled bool `json:"statusBadgeEnable"`
	// Indicates if status badge custom root URL should be used.
	StatusBadgeRootUrl string `json:"statusBadgeRootUrl,omitempty"`
	// DexConfig contains portions of a dex config yaml
	DexConfig string `json:"dexConfig,omitempty"`
	// OIDCConfigRAW holds OIDC configuration as a raw string
	OIDCConfigRAW string `json:"oidcConfig,omitempty"`
	// ServerSignature holds the key used to generate JWT tokens.
	ServerSignature []byte `json:"serverSignature,omitempty"`
	// Certificate holds the certificate/private key for the Argo CD API server.
	// If nil, will run insecure without TLS.
	Certificate *tls.Certificate `json:"-"`
	// CertificateIsExternal indicates whether Certificate was loaded from external secret
	CertificateIsExternal bool `json:"-"`
	// WebhookGitHubSecret holds the shared secret for authenticating GitHub webhook events
	WebhookGitHubSecret string `json:"webhookGitHubSecret,omitempty"`
	// WebhookGitLabSecret holds the shared secret for authenticating GitLab webhook events
	WebhookGitLabSecret string `json:"webhookGitLabSecret,omitempty"`
	// WebhookBitbucketUUID holds the UUID for authenticating Bitbucket webhook events
	WebhookBitbucketUUID string `json:"webhookBitbucketUUID,omitempty"`
	// WebhookBitbucketServerSecret holds the shared secret for authenticating BitbucketServer webhook events
	WebhookBitbucketServerSecret string `json:"webhookBitbucketServerSecret,omitempty"`
	// WebhookGogsSecret holds the shared secret for authenticating Gogs webhook events
	WebhookGogsSecret string `json:"webhookGogsSecret,omitempty"`
	// WebhookAzureDevOpsUsername holds the username for authenticating Azure DevOps webhook events
	WebhookAzureDevOpsUsername string `json:"webhookAzureDevOpsUsername,omitempty"`
	// WebhookAzureDevOpsPassword holds the password for authenticating Azure DevOps webhook events
	WebhookAzureDevOpsPassword string `json:"webhookAzureDevOpsPassword,omitempty"`
	// Secrets holds all secrets in argocd-secret as a map[string]string
	Secrets map[string]string `json:"secrets,omitempty"`
	// KustomizeBuildOptions is a string of kustomize build parameters
	KustomizeBuildOptions string `json:"kustomizeBuildOptions,omitempty"`
	// Indicates if anonymous user is enabled or not.
	// Set by updateSettingsFromConfigMap only when users.anonymous.enabled is exactly "true".
	AnonymousUserEnabled bool `json:"anonymousUserEnabled,omitempty"`
	// Specifies token expiration duration (24 hours unless users.session.duration parses).
	UserSessionDuration time.Duration `json:"userSessionDuration,omitempty"`
	// UiCssURL local or remote path to user-defined CSS to customize ArgoCD UI
	UiCssURL string `json:"uiCssURL,omitempty"`
	// Content of UI Banner
	UiBannerContent string `json:"uiBannerContent,omitempty"`
	// URL for UI Banner.
	// updateSettingsFromConfigMap stores the configured value even when validateExternalURL rejects it.
	UiBannerURL string `json:"uiBannerURL,omitempty"`
	// Make Banner permanent and not closeable
	UiBannerPermanent bool `json:"uiBannerPermanent,omitempty"`
	// Position of UI Banner
	UiBannerPosition string `json:"uiBannerPosition,omitempty"`
	// PasswordPattern for password regular expression
	PasswordPattern string `json:"passwordPattern,omitempty"`
	// BinaryUrls contains the URLs for downloading argocd binaries
	BinaryUrls map[string]string `json:"binaryUrls,omitempty"`
	// InClusterEnabled indicates whether to allow in-cluster server address.
	// It is on by default: updateSettingsFromConfigMap clears it only for the exact value "false".
	InClusterEnabled bool `json:"inClusterEnabled"`
	// ServerRBACLogEnforceEnable temporary var indicates whether rbac will be enforced on logs
	ServerRBACLogEnforceEnable bool `json:"serverRBACLogEnforceEnable"`
	// MaxPodLogsToRender the maximum number of pod logs to render
	MaxPodLogsToRender int64 `json:"maxPodLogsToRender"`
	// ExecEnabled indicates whether the UI exec feature is enabled.
	// It is off by default: updateSettingsFromConfigMap sets it only for the exact value "true".
	ExecEnabled bool `json:"execEnabled"`
	// ExecShells restricts which shells are allowed for `exec` and in which order they are tried
	ExecShells []string `json:"execShells"`
	// TrackingMethod defines the resource tracking method to be used
	TrackingMethod string `json:"application.resourceTrackingMethod,omitempty"`
	// OIDCTLSInsecureSkipVerify determines whether certificate verification is skipped when verifying tokens with the
	// configured OIDC provider (either external or the bundled Dex instance). Setting this to `true` will cause JWT
	// token verification to pass despite the OIDC provider having an invalid certificate. Only set to `true` if you
	// understand the risks.
	OIDCTLSInsecureSkipVerify bool `json:"oidcTLSInsecureSkipVerify"`
	// AppsInAnyNamespaceEnabled indicates whether applications are allowed to be created in any namespace.
	// Not assigned by updateSettingsFromConfigMap as shown in this file; it is presumably set elsewhere.
	AppsInAnyNamespaceEnabled bool `json:"appsInAnyNamespaceEnabled"`
	// ExtensionConfig configurations related to ArgoCD proxy extensions. The value
	// is a yaml string defined in extension.ExtensionConfigs struct.
	ExtensionConfig string `json:"extensionConfig,omitempty"`
}
资源 applications 结构
Application
// Application is a definition of Application resource.
// It pairs the user-declared Spec with the observed Status and an optional
// pending Operation.
type Application struct {
	// TypeMeta is embedded and inlined into the JSON form.
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta is embedded and serialized under "metadata".
	metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
	// Spec is the desired state of the application (see ApplicationSpec).
	Spec ApplicationSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
	// Status is the observed state of the application (see ApplicationStatus).
	Status ApplicationStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
	// Operation is optional; the Operation type is not shown in this file excerpt.
	Operation *Operation `json:"operation,omitempty" protobuf:"bytes,4,opt,name=operation"`
}
ApplicationSpec
// ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision.
type ApplicationSpec struct {
	// Source is a reference to the location of the application's manifests or chart
	// The state the user wants the application to run in, written as YAML and stored on a Git service.
	Source *ApplicationSource `json:"source,omitempty" protobuf:"bytes,1,opt,name=source"`
	// Destination is a reference to the target Kubernetes server and namespace
	// Which Kubernetes cluster, and which namespace on it, the application is deployed to.
	Destination ApplicationDestination `json:"destination" protobuf:"bytes,2,name=destination"`
	// Project is a reference to the project this application belongs to.
	// The empty string means that application belongs to the 'default' project.
	// The project associated with this application; it is what controls permissions.
	// NOTE(review): because an empty value maps to 'default', what the default
	// project permits applies to every application that omits this field.
	Project string `json:"project" protobuf:"bytes,3,name=project"`
	// SyncPolicy controls when and how a sync will be performed
	// The sync policy applied when the desired state differs from the actual state on the cluster.
	SyncPolicy *SyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"`
	// IgnoreDifferences is a list of resources and their fields which should be ignored during comparison
	IgnoreDifferences IgnoreDifferences `json:"ignoreDifferences,omitempty" protobuf:"bytes,5,name=ignoreDifferences"`
	// Info contains a list of information (URLs, email addresses, and plain text) that relates to the application
	// Additional user-defined information.
	Info []Info `json:"info,omitempty" protobuf:"bytes,6,name=info"`
	// RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
	// This should only be changed in exceptional circumstances.
	// Setting to zero will store no history. This will reduce storage used.
	// Increasing will increase the space used to store the history, so we do not recommend increasing it.
	// Default is 10.
	// Number of history records kept for rollback.
	RevisionHistoryLimit *int64 `json:"revisionHistoryLimit,omitempty" protobuf:"bytes,7,name=revisionHistoryLimit"`
	// Sources is a reference to the location of the application's manifests or chart
	// The application's YAML is assembled from several Git locations, for example
	// to keep the parts owned by operations separate from those owned by development.
	Sources ApplicationSources `json:"sources,omitempty" protobuf:"bytes,8,opt,name=sources"`
}
ApplicationStatus
// ApplicationStatus contains status information for the application.
// Every field is tagged omitempty, so unset parts are left out of the JSON form.
type ApplicationStatus struct {
	// Resources is a list of Kubernetes resources managed by this application
	Resources []ResourceStatus `json:"resources,omitempty" protobuf:"bytes,1,opt,name=resources"`
	// Sync contains information about the application's current sync status
	Sync SyncStatus `json:"sync,omitempty" protobuf:"bytes,2,opt,name=sync"`
	// Health contains information about the application's current health status
	Health HealthStatus `json:"health,omitempty" protobuf:"bytes,3,opt,name=health"`
	// History contains information about the application's sync history
	History RevisionHistories `json:"history,omitempty" protobuf:"bytes,4,opt,name=history"`
	// Conditions is a list of currently observed application conditions
	Conditions []ApplicationCondition `json:"conditions,omitempty" protobuf:"bytes,5,opt,name=conditions"`
	// ReconciledAt indicates when the application state was reconciled using the latest git version
	ReconciledAt *metav1.Time `json:"reconciledAt,omitempty" protobuf:"bytes,6,opt,name=reconciledAt"`
	// OperationState contains information about any ongoing operations, such as a sync
	OperationState *OperationState `json:"operationState,omitempty" protobuf:"bytes,7,opt,name=operationState"`
	// ObservedAt indicates when the application state was updated without querying latest git state
	// Deprecated: controller no longer updates ObservedAt field
	ObservedAt *metav1.Time `json:"observedAt,omitempty" protobuf:"bytes,8,opt,name=observedAt"`
	// SourceType specifies the type of this application
	SourceType ApplicationSourceType `json:"sourceType,omitempty" protobuf:"bytes,9,opt,name=sourceType"`
	// Summary contains a list of URLs and container images used by this application
	Summary ApplicationSummary `json:"summary,omitempty" protobuf:"bytes,10,opt,name=summary"`
	// ResourceHealthSource indicates where the resource health status is stored: inline if not set or appTree
	ResourceHealthSource ResourceHealthLocation `json:"resourceHealthSource,omitempty" protobuf:"bytes,11,opt,name=resourceHealthSource"`
	// SourceTypes specifies the type of the sources included in the application
	SourceTypes []ApplicationSourceType `json:"sourceTypes,omitempty" protobuf:"bytes,12,opt,name=sourceTypes"`
	// ControllerNamespace indicates the namespace in which the application controller is located
	ControllerNamespace string `json:"controllerNamespace,omitempty" protobuf:"bytes,13,opt,name=controllerNamespace"`
}
ApplicationSource
// ApplicationSource contains all required information about the source of an application
type ApplicationSource struct {
	// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests
	// Address of the Git or Helm repository.
	RepoURL string `json:"repoURL" protobuf:"bytes,1,opt,name=repoURL"`
	// Path is a directory path within the Git repository, and is only valid for applications sourced from Git.
	// Git only: the sub-path inside the repository where the YAML files live.
	Path string `json:"path,omitempty" protobuf:"bytes,2,opt,name=path"`
	// TargetRevision defines the revision of the source to sync the application to.
	// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
	// In case of Helm, this is a semver tag for the Chart's version.
	// NOTE(review): a branch, a tag and the HEAD default can all be moved to new
	// content; of the Git forms listed, only a commit names fixed content.
	TargetRevision string `json:"targetRevision,omitempty" protobuf:"bytes,4,opt,name=targetRevision"`
	// Helm holds helm specific options
	Helm *ApplicationSourceHelm `json:"helm,omitempty" protobuf:"bytes,7,opt,name=helm"`
	// Kustomize holds kustomize specific options
	Kustomize *ApplicationSourceKustomize `json:"kustomize,omitempty" protobuf:"bytes,8,opt,name=kustomize"`
	// Directory holds path/directory specific options
	Directory *ApplicationSourceDirectory `json:"directory,omitempty" protobuf:"bytes,10,opt,name=directory"`
	// Plugin holds config management plugin specific options
	Plugin *ApplicationSourcePlugin `json:"plugin,omitempty" protobuf:"bytes,11,opt,name=plugin"`
	// Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.
	Chart string `json:"chart,omitempty" protobuf:"bytes,12,opt,name=chart"`
	// Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.
	Ref string `json:"ref,omitempty" protobuf:"bytes,13,opt,name=ref"`
}
ApplicationDestination
// ApplicationDestination holds information about the application's destination.
// Server and Name are alternatives: each must be set when the other is not.
type ApplicationDestination struct {
	// Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.
	// URL of the Kubernetes control plane; set either this or Name.
	Server string `json:"server,omitempty" protobuf:"bytes,1,opt,name=server"`
	// Namespace specifies the target namespace for the application's resources.
	// The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
	// Target namespace for the deployment.
	// NOTE(review): per the sentence above, a manifest that sets its own
	// .metadata.namespace is not moved into this namespace.
	Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
	// Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.
	// Symbolic name of the Kubernetes control plane; set either this or Server.
	Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
	// isServerInferred is unexported and tagged json:"-", so it is never part of the JSON form.
	// nolint:govet
	isServerInferred bool `json:"-"`
}
SyncPolicy
// SyncPolicy controls when a sync will be performed in response to updates in git
type SyncPolicy struct {
	// Automated will keep an application synced to the target revision
	// Controls automatic synchronization of cluster resources with the desired state held in the Git source.
	Automated *SyncPolicyAutomated `json:"automated,omitempty" protobuf:"bytes,1,opt,name=automated"`
	// Options allow you to specify whole app sync-options
	SyncOptions SyncOptions `json:"syncOptions,omitempty" protobuf:"bytes,2,opt,name=syncOptions"`
	// Retry controls failed sync retry behavior
	Retry *RetryStrategy `json:"retry,omitempty" protobuf:"bytes,3,opt,name=retry"`
	// ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true)
	ManagedNamespaceMetadata *ManagedNamespaceMetadata `json:"managedNamespaceMetadata,omitempty" protobuf:"bytes,4,opt,name=managedNamespaceMetadata"`
	// If you add a field here, be sure to update IsZero.
}
// SyncPolicyAutomated controls the behavior of an automated sync.
// All three switches default to false.
type SyncPolicyAutomated struct {
	// Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)
	// After an administrator removes resources from the Git source, whether Argo CD
	// may delete the now-surplus resources from the cluster during sync.
	Prune bool `json:"prune,omitempty" protobuf:"bytes,1,opt,name=prune"`
	// SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)
	// After an administrator edits a resource by hand in the cluster so that it no
	// longer matches the Git source, it is restored to the desired state straight away.
	SelfHeal bool `json:"selfHeal,omitempty" protobuf:"bytes,2,opt,name=selfHeal"`
	// AllowEmpty allows apps have zero live resources (default: false)
	// Whether an application may end up with no resources at all, e.g. whether a
	// sync is allowed after the YAML in the Git source repository has been removed.
	// NOTE(review): with Prune and AllowEmpty both true, an emptied source would
	// presumably let automated sync delete every managed resource - confirm
	// against the sync implementation before enabling both.
	AllowEmpty bool `json:"allowEmpty,omitempty" protobuf:"bytes,3,opt,name=allowEmpty"`
}
// SyncOptions is the list of sync-option strings used by SyncPolicy.SyncOptions,
// which applies them to the whole application.
type SyncOptions []string
// RetryStrategy contains information about the strategy to apply when a sync failed
type RetryStrategy struct {
	// Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.
	Limit int64 `json:"limit,omitempty" protobuf:"bytes,1,opt,name=limit"`
	// Backoff controls how to backoff on subsequent retries of failed syncs.
	// It is a pointer and omitted from JSON when nil.
	Backoff *Backoff `json:"backoff,omitempty" protobuf:"bytes,2,opt,name=backoff,casttype=Backoff"`
}
// Backoff is the backoff strategy to use on subsequent retries for failing syncs.
// Duration and MaxDuration are kept as strings; they are not parsed in this type.
type Backoff struct {
	// Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
	Duration string `json:"duration,omitempty" protobuf:"bytes,1,opt,name=duration"`
	// Factor is a factor to multiply the base duration after each failed retry
	Factor *int64 `json:"factor,omitempty" protobuf:"bytes,2,name=factor"`
	// MaxDuration is the maximum amount of time allowed for the backoff strategy
	MaxDuration string `json:"maxDuration,omitempty" protobuf:"bytes,3,opt,name=maxDuration"`
}
// ManagedNamespaceMetadata holds the labels and annotations referenced by
// SyncPolicy.ManagedNamespaceMetadata, which documents them as metadata
// controlled in the given namespace (if CreateNamespace=true).
type ManagedNamespaceMetadata struct {
	// Labels is the label set for the managed namespace.
	Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,1,opt,name=labels"`
	// Annotations is the annotation set for the managed namespace.
	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,2,opt,name=annotations"`
}
IgnoreDifferences
// IgnoreDifferences is the list type behind ApplicationSpec.IgnoreDifferences:
// resources and their fields which should be ignored during comparison.
type IgnoreDifferences []ResourceIgnoreDifferences
// ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.
// Group, Kind, Name and Namespace form the filter; Kind is the only one not tagged omitempty.
type ResourceIgnoreDifferences struct {
	Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
	Kind string `json:"kind" protobuf:"bytes,2,opt,name=kind"`
	Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
	Namespace string `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"`
	// JSONPointers lists ignored paths; presumably JSON Pointer syntax, judging by the name - confirm.
	JSONPointers []string `json:"jsonPointers,omitempty" protobuf:"bytes,5,opt,name=jsonPointers"`
	// JQPathExpressions lists ignored paths; presumably jq path expressions, judging by the name - confirm.
	JQPathExpressions []string `json:"jqPathExpressions,omitempty" protobuf:"bytes,6,opt,name=jqPathExpressions"`
	// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
	// desired state defined in the SCM and won't be displayed in diffs
	// NOTE(review): changes made by a listed manager are therefore neither
	// reverted nor shown as drift; keep this list as short as possible.
	ManagedFieldsManagers []string `json:"managedFieldsManagers,omitempty" protobuf:"bytes,7,opt,name=managedFieldsManagers"`
}
Info
// Info is one name/value entry of ApplicationSpec.Info, which holds
// information (URLs, email addresses, and plain text) that relates to the application.
type Info struct {
	// Name is the entry's label; always present in the JSON form (no omitempty).
	Name string `json:"name" protobuf:"bytes,1,name=name"`
	// Value is the entry's content; always present in the JSON form (no omitempty).
	Value string `json:"value" protobuf:"bytes,2,name=value"`
}
ApplicationSources
// ApplicationSources contains list of required information about the sources of an application.
// It is the type of ApplicationSpec.Sources; each element is a full ApplicationSource.
type ApplicationSources []ApplicationSource
ApplicationSourceHelm
// ApplicationSourceHelm holds helm specific options
type ApplicationSourceHelm struct {
	// ValueFiles is a list of Helm value files to use when generating a template
	ValueFiles []string `json:"valueFiles,omitempty" protobuf:"bytes,1,opt,name=valueFiles"`
	// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation
	Parameters []HelmParameter `json:"parameters,omitempty" protobuf:"bytes,2,opt,name=parameters"`
	// ReleaseName is the Helm release name to use. If omitted it will use the application name
	ReleaseName string `json:"releaseName,omitempty" protobuf:"bytes,3,opt,name=releaseName"`
	// Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.
	// +patchStrategy=replace
	Values string `json:"values,omitempty" patchStrategy:"replace" protobuf:"bytes,4,opt,name=values"`
	// FileParameters are file parameters to the helm template
	FileParameters []HelmFileParameter `json:"fileParameters,omitempty" protobuf:"bytes,5,opt,name=fileParameters"`
	// Version is the Helm version to use for templating ("3")
	Version string `json:"version,omitempty" protobuf:"bytes,6,opt,name=version"`
	// PassCredentials pass credentials to all domains (Helm's --pass-credentials)
	// NOTE(review): this widens where the repository credentials are sent to
	// every domain involved; leave it false unless a chart requires it.
	PassCredentials bool `json:"passCredentials,omitempty" protobuf:"bytes,7,opt,name=passCredentials"`
	// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values
	IgnoreMissingValueFiles bool `json:"ignoreMissingValueFiles,omitempty" protobuf:"bytes,8,opt,name=ignoreMissingValueFiles"`
	// SkipCrds skips custom resource definition installation step (Helm's --skip-crds)
	SkipCrds bool `json:"skipCrds,omitempty" protobuf:"bytes,9,opt,name=skipCrds"`
	// ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.
	// +kubebuilder:pruning:PreserveUnknownFields
	ValuesObject *runtime.RawExtension `json:"valuesObject,omitempty" protobuf:"bytes,10,opt,name=valuesObject"`
}
ApplicationSourceKustomize
// ApplicationSourceKustomize holds options specific to an Application source specific to Kustomize
type ApplicationSourceKustomize struct {
	// NamePrefix is a prefix appended to resources for Kustomize apps
	NamePrefix string `json:"namePrefix,omitempty" protobuf:"bytes,1,opt,name=namePrefix"`
	// NameSuffix is a suffix appended to resources for Kustomize apps
	NameSuffix string `json:"nameSuffix,omitempty" protobuf:"bytes,2,opt,name=nameSuffix"`
	// Images is a list of Kustomize image override specifications
	// NOTE(review): an override here changes which container images are
	// rendered, so it deserves the same review as the manifests themselves.
	Images KustomizeImages `json:"images,omitempty" protobuf:"bytes,3,opt,name=images"`
	// CommonLabels is a list of additional labels to add to rendered manifests
	CommonLabels map[string]string `json:"commonLabels,omitempty" protobuf:"bytes,4,opt,name=commonLabels"`
	// Version controls which version of Kustomize to use for rendering manifests
	Version string `json:"version,omitempty" protobuf:"bytes,5,opt,name=version"`
	// CommonAnnotations is a list of additional annotations to add to rendered manifests
	CommonAnnotations map[string]string `json:"commonAnnotations,omitempty" protobuf:"bytes,6,opt,name=commonAnnotations"`
	// ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
	ForceCommonLabels bool `json:"forceCommonLabels,omitempty" protobuf:"bytes,7,opt,name=forceCommonLabels"`
	// ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
	ForceCommonAnnotations bool `json:"forceCommonAnnotations,omitempty" protobuf:"bytes,8,opt,name=forceCommonAnnotations"`
	// Namespace sets the namespace that Kustomize adds to all resources
	Namespace string `json:"namespace,omitempty" protobuf:"bytes,9,opt,name=namespace"`
	// CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values
	CommonAnnotationsEnvsubst bool `json:"commonAnnotationsEnvsubst,omitempty" protobuf:"bytes,10,opt,name=commonAnnotationsEnvsubst"`
	// Replicas is a list of Kustomize Replicas override specifications
	Replicas KustomizeReplicas `json:"replicas,omitempty" protobuf:"bytes,11,opt,name=replicas"`
	// Patches is a list of Kustomize patches
	Patches KustomizePatches `json:"patches,omitempty" protobuf:"bytes,12,opt,name=patches"`
	// Components specifies a list of kustomize components to add to the kustomization before building
	Components []string `json:"components,omitempty" protobuf:"bytes,13,rep,name=components"`
	// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not
	LabelWithoutSelector bool `json:"labelWithoutSelector,omitempty" protobuf:"bytes,14,opt,name=labelWithoutSelector"`
}
ApplicationSourceDirectory
// ApplicationSourceDirectory holds options for applications of type plain YAML or Jsonnet.
// Exclude and Include each carry one glob pattern as a plain string.
type ApplicationSourceDirectory struct {
	// Recurse specifies whether to scan a directory recursively for manifests
	Recurse bool `json:"recurse,omitempty" protobuf:"bytes,1,opt,name=recurse"`
	// Jsonnet holds options specific to Jsonnet
	Jsonnet ApplicationSourceJsonnet `json:"jsonnet,omitempty" protobuf:"bytes,2,opt,name=jsonnet"`
	// Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation
	Exclude string `json:"exclude,omitempty" protobuf:"bytes,3,opt,name=exclude"`
	// Include contains a glob pattern to match paths against that should be explicitly included during manifest generation
	// NOTE(review): how Include and Exclude interact when both match a path is not
	// shown in this listing — verify against the manifest generator.
	Include string `json:"include,omitempty" protobuf:"bytes,4,opt,name=include"`
}
ApplicationSourcePlugin
// ApplicationSourcePlugin holds options specific to config management plugins.
// NOTE(review): all three members come from the Application spec; presumably they
// are handed to the plugin at manifest generation, so a plugin should treat them
// as user-controlled input — confirm against the plugin runner.
type ApplicationSourcePlugin struct {
	// Name presumably selects the config management plugin to use — TODO confirm
	Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
	// Env is an embedded field (type Env, declared outside this listing) serialized under the "env" key
	Env `json:"env,omitempty" protobuf:"bytes,2,opt,name=env"`
	// Parameters is serialized under the "parameters" key; its element type is declared outside this listing
	Parameters ApplicationSourcePluginParameters `json:"parameters,omitempty" protobuf:"bytes,3,opt,name=parameters"`
}
ResourceStatus
// ResourceStatus holds the current sync and health status of a resource
// TODO: describe members of this type
// The member notes below are reviewer annotations inferred from names and types;
// they are not upstream documentation.
type ResourceStatus struct {
	// Group, Version and Kind presumably identify the resource's API type — TODO confirm
	Group   string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
	Version string `json:"version,omitempty" protobuf:"bytes,2,opt,name=version"`
	Kind    string `json:"kind,omitempty" protobuf:"bytes,3,opt,name=kind"`
	// Namespace and Name presumably locate the resource — TODO confirm
	Namespace string `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"`
	Name      string `json:"name,omitempty" protobuf:"bytes,5,opt,name=name"`
	// Status is the resource's sync status code
	Status SyncStatusCode `json:"status,omitempty" protobuf:"bytes,6,opt,name=status"`
	// Health is the resource's health status; a nil pointer is omitted from JSON
	Health *HealthStatus `json:"health,omitempty" protobuf:"bytes,7,opt,name=health"`
	// Hook presumably marks the resource as a sync hook — TODO confirm
	Hook bool `json:"hook,omitempty" protobuf:"bytes,8,opt,name=hook"`
	// RequiresPruning presumably marks a live resource that a sync with pruning would delete — TODO confirm
	RequiresPruning bool `json:"requiresPruning,omitempty" protobuf:"bytes,9,opt,name=requiresPruning"`
	// SyncWave presumably carries the resource's sync wave number — TODO confirm
	SyncWave int64 `json:"syncWave,omitempty" protobuf:"bytes,10,opt,name=syncWave"`
}
SyncStatus
// SyncStatus contains information about the currently observed live and desired states of an application
type SyncStatus struct {
	// Status is the sync state of the comparison.
	// It is always serialized: its JSON tag has no omitempty.
	Status SyncStatusCode `json:"status" protobuf:"bytes,1,opt,name=status,casttype=SyncStatusCode"`
	// ComparedTo contains information about what has been compared.
	// It is replaced as a whole on patch (patchStrategy "replace").
	// +patchStrategy=replace
	ComparedTo ComparedTo `json:"comparedTo,omitempty" protobuf:"bytes,2,opt,name=comparedTo" patchStrategy:"replace"`
	// Revision contains information about the revision the comparison has been performed to
	Revision string `json:"revision,omitempty" protobuf:"bytes,3,opt,name=revision"`
	// Revisions contains information about the revisions of multiple sources the comparison has been performed to
	Revisions []string `json:"revisions,omitempty" protobuf:"bytes,4,opt,name=revisions"`
}
HealthStatus
// HealthStatus contains information about the currently observed health state of an application or resource
type HealthStatus struct {
	// Status holds the status code of the application or resource.
	// The code type comes from the health package, which is imported outside this listing.
	Status health.HealthStatusCode `json:"status,omitempty" protobuf:"bytes,1,opt,name=status"`
	// Message is a human-readable informational message describing the health status
	Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"`
}
资源 appprojects 结构
AppProject
// AppProject provides a logical grouping of applications, providing controls for
// (as listed by the fields of AppProjectSpec):
//   - the repositories applications may deploy from and the destinations they may deploy to
//   - the cluster-level and namespace-level resource kinds that are allowed or denied
//   - project roles with their policies, JWT tokens and OIDC group bindings
//   - the windows in which syncs may run, and the PGP keys commits must be signed with
type AppProject struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
	// Spec is the desired project configuration
	Spec AppProjectSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
	// Status holds status information for the project; see AppProjectStatus
	Status AppProjectStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
AppProjectSpec
// AppProjectSpec is the specification of an AppProject.
// The fields below are the project's guard rails: they bound where applications
// may come from, where they may deploy, which resource kinds they may manage and
// who may act on them, so each list is best kept as narrow as the project allows.
type AppProjectSpec struct {
	// SourceRepos contains list of repository URLs which can be used for deployment
	// (annotation) List of git repositories allowed as deployment sources
	SourceRepos []string `json:"sourceRepos,omitempty" protobuf:"bytes,1,name=sourceRepos"`
	// Destinations contains list of destinations available for deployment
	// (annotation) Kubernetes target clusters allowed for deployment
	Destinations []ApplicationDestination `json:"destinations,omitempty" protobuf:"bytes,2,name=destination"`
	// Description contains optional project description
	Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"`
	// Roles are user defined RBAC roles associated with this project
	// (annotation) Defines the project's permissions
	Roles []ProjectRole `json:"roles,omitempty" protobuf:"bytes,4,rep,name=roles"`
	// ClusterResourceWhitelist contains list of whitelisted cluster level resources
	// (annotation) Allow-list of cluster-scoped resources
	ClusterResourceWhitelist []metav1.GroupKind `json:"clusterResourceWhitelist,omitempty" protobuf:"bytes,5,opt,name=clusterResourceWhitelist"`
	// NamespaceResourceBlacklist contains list of blacklisted namespace level resources
	// (annotation) Deny-list of namespace-scoped resources
	NamespaceResourceBlacklist []metav1.GroupKind `json:"namespaceResourceBlacklist,omitempty" protobuf:"bytes,6,opt,name=namespaceResourceBlacklist"`
	// OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
	OrphanedResources *OrphanedResourcesMonitorSettings `json:"orphanedResources,omitempty" protobuf:"bytes,7,opt,name=orphanedResources"`
	// SyncWindows controls when syncs can be run for apps in this project
	// (annotation) Controls when applications in this project may be synced
	SyncWindows SyncWindows `json:"syncWindows,omitempty" protobuf:"bytes,8,opt,name=syncWindows"`
	// NamespaceResourceWhitelist contains list of whitelisted namespace level resources
	// (annotation) Allow-list of namespace-scoped resources
	NamespaceResourceWhitelist []metav1.GroupKind `json:"namespaceResourceWhitelist,omitempty" protobuf:"bytes,9,opt,name=namespaceResourceWhitelist"`
	// SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
	// NOTE(review): presumably an empty list means no signature requirement is
	// enforced for the project — confirm against the sync code.
	SignatureKeys []SignatureKey `json:"signatureKeys,omitempty" protobuf:"bytes,10,opt,name=signatureKeys"`
	// ClusterResourceBlacklist contains list of blacklisted cluster level resources
	// (annotation) Deny-list of cluster-scoped resources
	ClusterResourceBlacklist []metav1.GroupKind `json:"clusterResourceBlacklist,omitempty" protobuf:"bytes,11,opt,name=clusterResourceBlacklist"`
	// SourceNamespaces defines the namespaces application resources are allowed to be created in
	// (annotation) When multi-namespace support is enabled, allows Applications
	// outside the "argocd" namespace to be associated with this project
	SourceNamespaces []string `json:"sourceNamespaces,omitempty" protobuf:"bytes,12,opt,name=sourceNamespaces"`
	// PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped
	PermitOnlyProjectScopedClusters bool `json:"permitOnlyProjectScopedClusters,omitempty" protobuf:"bytes,13,opt,name=permitOnlyProjectScopedClusters"`
}
AppProjectStatus
// AppProjectStatus contains status information for AppProject CRs
type AppProjectStatus struct {
	// JWTTokensByRole contains a list of JWT tokens issued for a given role.
	// The map key is presumably the role name — TODO confirm; the JWTTokens
	// value type is declared outside this listing.
	JWTTokensByRole map[string]JWTTokens `json:"jwtTokensByRole,omitempty" protobuf:"bytes,1,opt,name=jwtTokensByRole"`
}
ProjectRole
// ProjectRole represents a role that has access to a project
type ProjectRole struct {
	// Name is a name for this role
	Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
	// Description is a description of the role
	Description string `json:"description,omitempty" protobuf:"bytes,2,opt,name=description"`
	// Policies stores a list of casbin formatted strings that define access policies for the role in the project
	Policies []string `json:"policies,omitempty" protobuf:"bytes,3,rep,name=policies"`
	// JWTTokens are a list of generated JWT tokens bound to this role.
	// Each entry is a JWTToken record (issued-at, expiry, id), not a signed token string.
	JWTTokens []JWTToken `json:"jwtTokens,omitempty" protobuf:"bytes,4,rep,name=jwtTokens"`
	// Groups are a list of OIDC group claims bound to this role
	Groups []string `json:"groups,omitempty" protobuf:"bytes,5,rep,name=groups"`
}
// JWTToken holds the issuedAt and expiresAt values of a token, plus its ID.
// It is a record about a token; no token string or signature is stored here.
type JWTToken struct {
	// IssuedAt is serialized as "iat" and is always present in JSON (no omitempty)
	IssuedAt int64 `json:"iat" protobuf:"int64,1,opt,name=iat"`
	// ExpiresAt is serialized as "exp" and omitted when zero.
	// NOTE(review): presumably a zero/absent value means the token has no expiry —
	// confirm, and audit roles for such entries when reviewing project access.
	ExpiresAt int64 `json:"exp,omitempty" protobuf:"int64,2,opt,name=exp"`
	// ID is serialized as "id"; presumably it identifies the token for later revocation — TODO confirm
	ID string `json:"id,omitempty" protobuf:"bytes,3,opt,name=id"`
}
metav1.GroupKind
见 GroupKind。
OrphanedResourcesMonitorSettings
// OrphanedResourcesMonitorSettings holds settings of orphaned resources monitoring
type OrphanedResourcesMonitorSettings struct {
	// Warn indicates if warning condition should be created for apps which have orphaned resources.
	// It is a pointer, so "unset" (nil) is distinguishable from an explicit false;
	// the behaviour for nil is not visible in this listing.
	Warn *bool `json:"warn,omitempty" protobuf:"bytes,1,name=warn"`
	// Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
	Ignore []OrphanedResourceKey `json:"ignore,omitempty" protobuf:"bytes,2,opt,name=ignore"`
}
// OrphanedResourceKey is a reference to a resource to be ignored from
// orphaned resources monitoring (it is the element type of
// OrphanedResourcesMonitorSettings.Ignore).
type OrphanedResourceKey struct {
	// Group, Kind and Name select the resource to ignore; all three are optional in JSON.
	// NOTE(review): how an empty field is matched is not visible here — verify
	// before relying on a partially filled key.
	Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
	Kind  string `json:"kind,omitempty" protobuf:"bytes,2,opt,name=kind"`
	Name  string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
}
SyncWindows
// SyncWindows is a collection of sync windows in this project.
// Elements are pointers to SyncWindow, so an entry can be nil.
type SyncWindows []*SyncWindow
// SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
type SyncWindow struct {
	// Kind defines if the window allows or blocks syncs
	// (annotation) Action of the sync window during its time range; one of: allow, deny
	Kind string `json:"kind,omitempty" protobuf:"bytes,1,opt,name=kind"`
	// Schedule is the time the window will begin, specified in cron format
	// (annotation) Start time of the window, written in Linux cron syntax,
	// e.g. "30 9 * * *" starts at 09:30
	Schedule string `json:"schedule,omitempty" protobuf:"bytes,2,opt,name=schedule"`
	// Duration is the amount of time the sync window will be open
	// (annotation) How long the window lasts from its start, e.g. "10m", "8h"
	Duration string `json:"duration,omitempty" protobuf:"bytes,3,opt,name=duration"`
	// Applications contains a list of applications that the window will apply to
	// (annotation) Scope of affected "applications.argoproj.io" resources
	Applications []string `json:"applications,omitempty" protobuf:"bytes,4,opt,name=applications"`
	// Namespaces contains a list of namespaces that the window will apply to
	// (annotation) Scope of affected namespaces
	Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,5,opt,name=namespaces"`
	// Clusters contains a list of clusters that the window will apply to
	// (annotation) Scope of affected Kubernetes clusters
	Clusters []string `json:"clusters,omitempty" protobuf:"bytes,6,opt,name=clusters"`
	// ManualSync enables manual syncs when they would otherwise be blocked.
	// With this set, a blocking window does not stop a manually triggered sync.
	ManualSync bool `json:"manualSync,omitempty" protobuf:"bytes,7,opt,name=manualSync"`
	// TimeZone of the sync that will be applied to the schedule
	// (annotation) Time zone, used together with "schedule"; must be set so that
	// the window does not start at an unexpected time
	TimeZone string `json:"timeZone,omitempty" protobuf:"bytes,8,opt,name=timeZone"`
}
SignatureKey
// SignatureKey is the specification of a key required to verify commit signatures with.
// It is the element type of AppProjectSpec.SignatureKeys.
type SignatureKey struct {
	// KeyID is the ID of the key in hexadecimal notation.
	// It is always serialized (no omitempty on the JSON tag).
	KeyID string `json:"keyID" protobuf:"bytes,1,name=keyID"`
}
资源 applicationsets 结构
ApplicationSet
// ApplicationSet is a set of Application resources
type ApplicationSet struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
	// Spec holds the generators and the template for the set; see ApplicationSetSpec
	Spec ApplicationSetSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
	// Status is the observed state; see ApplicationSetStatus
	Status ApplicationSetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
ApplicationSetSpec
// ApplicationSetSpec represents a class of application set state.
// Generators and Template are always serialized (no omitempty); every other
// field is optional. Undocumented members carry reviewer notes inferred from
// their names and types.
type ApplicationSetSpec struct {
	// GoTemplate presumably switches template rendering to Go templates, with
	// GoTemplateOptions as its options — TODO confirm
	GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"`
	// Generators lists the top-level generators; see ApplicationSetGenerator
	Generators []ApplicationSetGenerator `json:"generators" protobuf:"bytes,2,name=generators"`
	// Template is the Application metadata and spec; see ApplicationSetTemplate
	Template ApplicationSetTemplate `json:"template" protobuf:"bytes,3,name=template"`
	// SyncPolicy configures how generated Applications relate to the set; see ApplicationSetSyncPolicy
	SyncPolicy *ApplicationSetSyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"`
	// Strategy configures how generated Applications are updated in sequence; see ApplicationSetStrategy
	Strategy *ApplicationSetStrategy `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"`
	// PreservedFields names annotations and labels; see ApplicationPreservedFields
	PreservedFields   *ApplicationPreservedFields `json:"preservedFields,omitempty" protobuf:"bytes,6,opt,name=preservedFields"`
	GoTemplateOptions []string                    `json:"goTemplateOptions,omitempty" protobuf:"bytes,7,opt,name=goTemplateOptions"`
	// ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators
	ApplyNestedSelectors bool `json:"applyNestedSelectors,omitempty" protobuf:"bytes,8,name=applyNestedSelectors"`
	// IgnoreApplicationDifferences lists differences in live applications to ignore; see ApplicationSetIgnoreDifferences
	IgnoreApplicationDifferences ApplicationSetIgnoreDifferences `json:"ignoreApplicationDifferences,omitempty" protobuf:"bytes,9,name=ignoreApplicationDifferences"`
	// TemplatePatch is an optional string; presumably a patch applied on top of Template — TODO confirm
	TemplatePatch *string `json:"templatePatch,omitempty" protobuf:"bytes,10,name=templatePatch"`
}
ApplicationSetStatus
// ApplicationSetStatus defines the observed state of ApplicationSet
type ApplicationSetStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file
	// Conditions holds the set's conditions; the element type is declared outside this listing
	Conditions []ApplicationSetCondition `json:"conditions,omitempty" protobuf:"bytes,1,name=conditions"`
	// ApplicationStatus presumably holds one entry per generated Application — TODO confirm
	ApplicationStatus []ApplicationSetApplicationStatus `json:"applicationStatus,omitempty" protobuf:"bytes,2,name=applicationStatus"`
}
ApplicationSetGenerator
// ApplicationSetGenerator represents a generator at the top level of an ApplicationSet.
// Each generator kind is an optional pointer that is omitted from JSON when nil.
// NOTE(review): whether more than one kind may be set on the same entry is not
// visible in this listing — verify against the controller's validation.
type ApplicationSetGenerator struct {
	List                    *ListGenerator        `json:"list,omitempty" protobuf:"bytes,1,name=list"`
	Clusters                *ClusterGenerator     `json:"clusters,omitempty" protobuf:"bytes,2,name=clusters"`
	Git                     *GitGenerator         `json:"git,omitempty" protobuf:"bytes,3,name=git"`
	SCMProvider             *SCMProviderGenerator `json:"scmProvider,omitempty" protobuf:"bytes,4,name=scmProvider"`
	ClusterDecisionResource *DuckTypeGenerator    `json:"clusterDecisionResource,omitempty" protobuf:"bytes,5,name=clusterDecisionResource"`
	PullRequest             *PullRequestGenerator `json:"pullRequest,omitempty" protobuf:"bytes,6,name=pullRequest"`
	Matrix                  *MatrixGenerator      `json:"matrix,omitempty" protobuf:"bytes,7,name=matrix"`
	Merge                   *MergeGenerator       `json:"merge,omitempty" protobuf:"bytes,8,name=merge"`
	// Selector allows post-filtering the output of all generators.
	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,9,name=selector"`
	Plugin   *PluginGenerator      `json:"plugin,omitempty" protobuf:"bytes,10,name=plugin"`
}
ApplicationSetTemplate
// ApplicationSetTemplate represents argocd ApplicationSpec
// together with the metadata used for the generated Applications.
type ApplicationSetTemplate struct {
	// ApplicationSetTemplateMeta is embedded and serialized under the "metadata" key
	ApplicationSetTemplateMeta `json:"metadata" protobuf:"bytes,1,name=metadata"`
	// Spec is the ApplicationSpec, serialized under the "spec" key
	Spec ApplicationSpec `json:"spec" protobuf:"bytes,2,name=spec"`
}
// ApplicationSetTemplateMeta represents the Argo CD application fields that may
// be used for Applications generated from the ApplicationSet (based on metav1.ObjectMeta).
// Only the five members below are carried; all are optional in JSON.
type ApplicationSetTemplateMeta struct {
	Name        string            `json:"name,omitempty" protobuf:"bytes,1,name=name"`
	Namespace   string            `json:"namespace,omitempty" protobuf:"bytes,2,name=namespace"`
	Labels      map[string]string `json:"labels,omitempty" protobuf:"bytes,3,name=labels"`
	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,4,name=annotations"`
	Finalizers  []string          `json:"finalizers,omitempty" protobuf:"bytes,5,name=finalizers"`
}
ApplicationSetSyncPolicy
// ApplicationSetSyncPolicy configures how generated Applications will relate to their
// ApplicationSet.
type ApplicationSetSyncPolicy struct {
	// PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted.
	// NOTE(review): the protobuf name of this field is "syncPolicy", not the Go/JSON
	// name; renaming it would change the generated protobuf definition, so leave it as is.
	PreserveResourcesOnDeletion bool `json:"preserveResourcesOnDeletion,omitempty" protobuf:"bytes,1,name=syncPolicy"`
	// ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync
	// The kubebuilder markers below make the field optional and restrict it to those four values.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=create-only;create-update;create-delete;sync
	ApplicationsSync *ApplicationsSyncPolicy `json:"applicationsSync,omitempty" protobuf:"bytes,2,opt,name=applicationsSync,casttype=ApplicationsSyncPolicy"`
}
ApplicationSetStrategy
// ApplicationSetStrategy configures how generated Applications are updated in sequence.
type ApplicationSetStrategy struct {
	// Type presumably names the strategy in use — TODO confirm the accepted values
	Type string `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"`
	// RollingSync holds the ordered rollout steps; see ApplicationSetRolloutStrategy
	RollingSync *ApplicationSetRolloutStrategy `json:"rollingSync,omitempty" protobuf:"bytes,2,opt,name=rollingSync"`
	// The field below is commented out in the source and is not part of the type.
	// RollingUpdate *ApplicationSetRolloutStrategy `json:"rollingUpdate,omitempty" protobuf:"bytes,3,opt,name=rollingUpdate"`
}
// ApplicationSetRolloutStrategy holds the list of rollout steps referenced by
// ApplicationSetStrategy.RollingSync.
type ApplicationSetRolloutStrategy struct {
	// Steps presumably run in list order — TODO confirm
	Steps []ApplicationSetRolloutStep `json:"steps,omitempty" protobuf:"bytes,1,opt,name=steps"`
}
// ApplicationSetRolloutStep is one element of ApplicationSetRolloutStrategy.Steps.
type ApplicationSetRolloutStep struct {
	// MatchExpressions presumably select the generated Applications belonging to this step — TODO confirm
	MatchExpressions []ApplicationMatchExpression `json:"matchExpressions,omitempty" protobuf:"bytes,1,opt,name=matchExpressions"`
	// MaxUpdate accepts either an integer or a string (intstr.IntOrString);
	// presumably a count or percentage of Applications updated at once — TODO confirm
	MaxUpdate *intstr.IntOrString `json:"maxUpdate,omitempty" protobuf:"bytes,2,opt,name=maxUpdate"`
}
// ApplicationMatchExpression is one element of ApplicationSetRolloutStep.MatchExpressions.
// NOTE(review): the key/operator/values shape resembles a label selector
// requirement; the accepted operators are not visible in this listing.
type ApplicationMatchExpression struct {
	Key      string   `json:"key,omitempty" protobuf:"bytes,1,opt,name=key"`
	Operator string   `json:"operator,omitempty" protobuf:"bytes,2,opt,name=operator"`
	Values   []string `json:"values,omitempty" protobuf:"bytes,3,opt,name=values"`
}
ApplicationPreservedFields
// ApplicationPreservedFields lists annotation and label names, referenced from
// ApplicationSetSpec.PreservedFields.
// NOTE(review): presumably these keys are kept on generated Applications when the
// ApplicationSet is reconciled — TODO confirm.
type ApplicationPreservedFields struct {
	Annotations []string `json:"annotations,omitempty" protobuf:"bytes,1,name=annotations"`
	Labels      []string `json:"labels,omitempty" protobuf:"bytes,2,name=labels"`
}
ApplicationSetIgnoreDifferences
// ApplicationSetIgnoreDifferences configures how the ApplicationSet controller will ignore differences in live
// applications when applying changes from generated applications.
// It is a list of per-application rules (ApplicationSetResourceIgnoreDifferences).
type ApplicationSetIgnoreDifferences []ApplicationSetResourceIgnoreDifferences
// ApplicationSetResourceIgnoreDifferences configures how the ApplicationSet controller will ignore differences in live
// applications when applying changes from generated applications.
// This is a single rule; ApplicationSetIgnoreDifferences is the list of them.
type ApplicationSetResourceIgnoreDifferences struct {
	// Name is the name of the application to ignore differences for. If not specified, the rule applies to all applications.
	Name string `json:"name,omitempty" protobuf:"bytes,1,name=name"`
	// JSONPointers is a list of JSON pointers to fields to ignore differences for.
	JSONPointers []string `json:"jsonPointers,omitempty" protobuf:"bytes,2,name=jsonPointers"`
	// JQPathExpressions is a list of JQ path expressions to fields to ignore differences for.
	// NOTE(review): the JSON key is "jqPathExpressions" while the protobuf name is
	// "jqExpressions"; the two differ in the source and should not be "aligned" casually.
	JQPathExpressions []string `json:"jqPathExpressions,omitempty" protobuf:"bytes,3,name=jqExpressions"`
}
资源 repository 结构
Repository
// Repository is a repository holding application configurations.
//
// Password, SSHPrivateKey, TLSClientCertKey, GithubAppPrivateKey and
// GCPServiceAccountKey carry secret material as plain strings, and their JSON
// tags serialize them by name whenever they are non-empty. Keep values of this
// type out of logs, and clear those fields before a value is returned to a client.
type Repository struct {
	// Repo contains the URL to the remote repository
	Repo string `json:"repo" protobuf:"bytes,1,opt,name=repo"`
	// Username contains the user name used for authenticating at the remote repository
	Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"`
	// Password contains the password or PAT used for authenticating at the remote repository
	Password string `json:"password,omitempty" protobuf:"bytes,3,opt,name=password"`
	// SSHPrivateKey contains the PEM data for authenticating at the repo server. Only used with Git repos.
	SSHPrivateKey string `json:"sshPrivateKey,omitempty" protobuf:"bytes,4,opt,name=sshPrivateKey"`
	// ConnectionState contains information about the current state of connection to the repository server
	ConnectionState ConnectionState `json:"connectionState,omitempty" protobuf:"bytes,5,opt,name=connectionState"`
	// InsecureIgnoreHostKey should not be used anymore, Insecure is favoured
	// Used only for Git repos
	InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty" protobuf:"bytes,6,opt,name=insecureIgnoreHostKey"`
	// Insecure specifies whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys.
	// With verification errors ignored the repository endpoint is no longer
	// authenticated, so manifests could be served by an impersonating host;
	// configuring the proper CA certificate or SSH known hosts is the safer choice.
	Insecure bool `json:"insecure,omitempty" protobuf:"bytes,7,opt,name=insecure"`
	// EnableLFS specifies whether git-lfs support should be enabled for this repo. Only valid for Git repositories.
	EnableLFS bool `json:"enableLfs,omitempty" protobuf:"bytes,8,opt,name=enableLfs"`
	// TLSClientCertData contains a certificate in PEM format for authenticating at the repo server
	TLSClientCertData string `json:"tlsClientCertData,omitempty" protobuf:"bytes,9,opt,name=tlsClientCertData"`
	// TLSClientCertKey contains a private key in PEM format for authenticating at the repo server
	TLSClientCertKey string `json:"tlsClientCertKey,omitempty" protobuf:"bytes,10,opt,name=tlsClientCertKey"`
	// Type specifies the type of the repo. Can be either "git" or "helm". "git" is assumed if empty or absent.
	Type string `json:"type,omitempty" protobuf:"bytes,11,opt,name=type"`
	// Name specifies a name to be used for this repo. Only used with Helm repos
	Name string `json:"name,omitempty" protobuf:"bytes,12,opt,name=name"`
	// InheritedCreds reports whether credentials were inherited from a credential set
	InheritedCreds bool `json:"inheritedCreds,omitempty" protobuf:"bytes,13,opt,name=inheritedCreds"`
	// EnableOCI specifies whether helm-oci support should be enabled for this repo
	EnableOCI bool `json:"enableOCI,omitempty" protobuf:"bytes,14,opt,name=enableOCI"`
	// GithubAppPrivateKey holds the GitHub App private key as PEM data
	GithubAppPrivateKey string `json:"githubAppPrivateKey,omitempty" protobuf:"bytes,15,opt,name=githubAppPrivateKey"`
	// GithubAppId specifies the ID of the GitHub app used to access the repo
	GithubAppId int64 `json:"githubAppID,omitempty" protobuf:"bytes,16,opt,name=githubAppID"`
	// GithubAppInstallationId specifies the installation ID of the GitHub App used to access the repo
	GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty" protobuf:"bytes,17,opt,name=githubAppInstallationID"`
	// GitHubAppEnterpriseBaseURL specifies the base URL of GitHub Enterprise installation. If empty will default to https://api.github.com
	GitHubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty" protobuf:"bytes,18,opt,name=githubAppEnterpriseBaseUrl"`
	// Proxy specifies the HTTP/HTTPS proxy used to access the repo
	Proxy string `json:"proxy,omitempty" protobuf:"bytes,19,opt,name=proxy"`
	// Project references the project this repository belongs to, so that the
	// repository is automatically added as an item of that project's SourceRepos
	Project string `json:"project,omitempty" protobuf:"bytes,20,opt,name=project"`
	// GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
	GCPServiceAccountKey string `json:"gcpServiceAccountKey,omitempty" protobuf:"bytes,21,opt,name=gcpServiceAccountKey"`
	// ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections.
	// Basic auth sends Username and Password with the request, so this is best
	// combined with a TLS-verified (https, Insecure=false) repository URL.
	ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,22,opt,name=forceHttpBasicAuth"`
}
secretToRepository
util/db/repository_secrets.go
// secretToRepository builds an appsv1.Repository from the data of a Kubernetes Secret.
//
// String fields are copied verbatim from secret.Data; a key that is absent yields
// an empty string. Boolean and integer fields are parsed with boolOrFalse and
// intOrZero in a fixed order. The first parse error stops processing and is
// returned together with the repository as populated up to that point.
//
// The returned value carries the secret's credentials (password, SSH private key,
// TLS client key, GitHub App private key, GCP service account key) in plain
// string fields, so it should not be logged or serialized as a whole.
func secretToRepository(secret *corev1.Secret) (*appsv1.Repository, error) {
	text := func(key string) string { return string(secret.Data[key]) }

	repository := &appsv1.Repository{
		Name:                       text("name"),
		Repo:                       text("url"),
		Username:                   text("username"),
		Password:                   text("password"),
		SSHPrivateKey:              text("sshPrivateKey"),
		TLSClientCertData:          text("tlsClientCertData"),
		TLSClientCertKey:           text("tlsClientCertKey"),
		Type:                       text("type"),
		GithubAppPrivateKey:        text("githubAppPrivateKey"),
		GitHubAppEnterpriseBaseURL: text("githubAppEnterpriseBaseUrl"),
		Proxy:                      text("proxy"),
		Project:                    text("project"),
		GCPServiceAccountKey:       text("gcpServiceAccountKey"),
	}

	// Each setter leaves its destination untouched when parsing fails.
	setBool := func(dst *bool, key string) error {
		parsed, err := boolOrFalse(secret, key)
		if err != nil {
			return err
		}
		*dst = parsed
		return nil
	}
	setInt := func(dst *int64, key string) error {
		parsed, err := intOrZero(secret, key)
		if err != nil {
			return err
		}
		*dst = parsed
		return nil
	}

	// The order of the steps decides which error is reported first and how far
	// the repository is populated when one occurs.
	steps := []func() error{
		func() error { return setBool(&repository.InsecureIgnoreHostKey, "insecureIgnoreHostKey") },
		func() error { return setBool(&repository.Insecure, "insecure") },
		func() error { return setBool(&repository.EnableLFS, "enableLfs") },
		func() error { return setBool(&repository.EnableOCI, "enableOCI") },
		func() error { return setInt(&repository.GithubAppId, "githubAppID") },
		func() error { return setInt(&repository.GithubAppInstallationId, "githubAppInstallationID") },
		func() error { return setBool(&repository.ForceHttpBasicAuth, "forceHttpBasicAuth") },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return repository, err
		}
	}
	return repository, nil
}
资源 cluster 结构
Cluster
pkg/apis/application/v1alpha1/types.go
// Cluster is the definition of a cluster resource.
// Config embeds the connection credentials (see ClusterConfig), so a populated
// Cluster value is as sensitive as the credentials it carries.
type Cluster struct {
	// ID is an internal field cluster identifier. Not exposed via API.
	// The `json:"-"` tag keeps it out of JSON output.
	ID string `json:"-"`
	// Server is the API server URL of the Kubernetes cluster
	Server string `json:"server" protobuf:"bytes,1,opt,name=server"`
	// Name of the cluster. If omitted, will use the server address
	Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
	// Config holds cluster information for connecting to a cluster
	Config ClusterConfig `json:"config" protobuf:"bytes,3,opt,name=config"`
	// DEPRECATED: use Info.ConnectionState field instead.
	// ConnectionState contains information about cluster connection state
	ConnectionState ConnectionState `json:"connectionState,omitempty" protobuf:"bytes,4,opt,name=connectionState"`
	// DEPRECATED: use Info.ServerVersion field instead.
	// The server version
	ServerVersion string `json:"serverVersion,omitempty" protobuf:"bytes,5,opt,name=serverVersion"`
	// Holds list of namespaces which are accessible in that cluster. Cluster level resources will be ignored if namespace list is not empty.
	Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,opt,name=namespaces"`
	// RefreshRequestedAt holds time when cluster cache refresh has been requested
	RefreshRequestedAt *metav1.Time `json:"refreshRequestedAt,omitempty" protobuf:"bytes,7,opt,name=refreshRequestedAt"`
	// Info holds information about cluster cache and state
	Info ClusterInfo `json:"info,omitempty" protobuf:"bytes,8,opt,name=info"`
	// Shard contains optional shard number. Calculated on the fly by the application controller if not specified.
	Shard *int64 `json:"shard,omitempty" protobuf:"bytes,9,opt,name=shard"`
	// Indicates if cluster level resources should be managed. This setting is used only if cluster is connected in a namespaced mode.
	ClusterResources bool `json:"clusterResources,omitempty" protobuf:"bytes,10,opt,name=clusterResources"`
	// Project references the project this cluster belongs to, so that the cluster
	// is automatically added as an item of that project's Destinations
	Project string `json:"project,omitempty" protobuf:"bytes,11,opt,name=project"`
	// Labels for cluster secret metadata
	Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,12,opt,name=labels"`
	// Annotations for cluster secret metadata
	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,13,opt,name=annotations"`
}
ClusterConfig
pkg/apis/application/v1alpha1/types.go
// ClusterConfig is the configuration attributes. This structure is subset of the go-client
// rest.Config with annotations added for marshalling.
//
// Password, BearerToken and the embedded TLSClientConfig.KeyData are credentials
// for the target cluster and are serialized by name when non-empty; keep values
// of this type out of logs and API responses.
type ClusterConfig struct {
	// Server requires Basic authentication
	Username string `json:"username,omitempty" protobuf:"bytes,1,opt,name=username"`
	Password string `json:"password,omitempty" protobuf:"bytes,2,opt,name=password"`
	// Server requires Bearer authentication. This client will not attempt to use
	// refresh tokens for an OAuth2 flow.
	// TODO: demonstrate an OAuth2 compatible client.
	BearerToken string `json:"bearerToken,omitempty" protobuf:"bytes,3,opt,name=bearerToken"`
	// TLSClientConfig contains settings to enable transport layer security.
	// It is embedded and always serialized under "tlsClientConfig" (no omitempty).
	TLSClientConfig `json:"tlsClientConfig" protobuf:"bytes,4,opt,name=tlsClientConfig"`
	// AWSAuthConfig contains IAM authentication configuration
	AWSAuthConfig *AWSAuthConfig `json:"awsAuthConfig,omitempty" protobuf:"bytes,5,opt,name=awsAuthConfig"`
	// ExecProviderConfig contains configuration for an exec provider
	ExecProviderConfig *ExecProviderConfig `json:"execProviderConfig,omitempty" protobuf:"bytes,6,opt,name=execProviderConfig"`
}
// TLSClientConfig contains settings to enable transport layer security.
// The comments below mention CertFile, KeyFile and CAFile, which belong to the
// rest.Config this type is derived from; this struct has no such fields and
// carries only in-line PEM data.
type TLSClientConfig struct {
	// Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.
	// Unlike the other fields it is always serialized (no omitempty), so the
	// stored configuration states the choice explicitly.
	Insecure bool `json:"insecure" protobuf:"bytes,1,opt,name=insecure"`
	// ServerName is passed to the server for SNI and is used in the client to check server
	// certificates against. If ServerName is empty, the hostname used to contact the
	// server is used.
	ServerName string `json:"serverName,omitempty" protobuf:"bytes,2,opt,name=serverName"`
	// CertData holds PEM-encoded bytes (typically read from a client certificate file).
	// CertData takes precedence over CertFile
	CertData []byte `json:"certData,omitempty" protobuf:"bytes,3,opt,name=certData"`
	// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
	// KeyData takes precedence over KeyFile
	// This is the client's private key.
	KeyData []byte `json:"keyData,omitempty" protobuf:"bytes,4,opt,name=keyData"`
	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
	// CAData takes precedence over CAFile
	CAData []byte `json:"caData,omitempty" protobuf:"bytes,5,opt,name=caData"`
}
// AWSAuthConfig is an AWS IAM authentication configuration
type AWSAuthConfig struct {
	// ClusterName contains AWS cluster name
	ClusterName string `json:"clusterName,omitempty" protobuf:"bytes,1,opt,name=clusterName"`
	// RoleARN contains optional role ARN. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.
	RoleARN string `json:"roleARN,omitempty" protobuf:"bytes,2,opt,name=roleARN"`
	// Profile contains an optional AWS profile name (the source comment called it a
	// "role ARN", apparently copied from RoleARN). If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.
	Profile string `json:"profile,omitempty" protobuf:"bytes,3,opt,name=profile"`
}
// ExecProviderConfig is config used to call an external command to perform cluster authentication
// See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
//
// Command, Args and Env are read from the stored cluster configuration, so write
// access to that configuration amounts to choosing what gets executed.
// NOTE(review): presumably the command runs inside the Argo CD component that
// connects to the cluster — confirm, and restrict who may create or edit
// cluster configuration accordingly.
type ExecProviderConfig struct {
	// Command to execute
	Command string `json:"command,omitempty" protobuf:"bytes,1,opt,name=command"`
	// Arguments to pass to the command when executing it
	Args []string `json:"args,omitempty" protobuf:"bytes,2,rep,name=args"`
	// Env defines additional environment variables to expose to the process
	Env map[string]string `json:"env,omitempty" protobuf:"bytes,3,opt,name=env"`
	// Preferred input version of the ExecInfo
	APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,4,opt,name=apiVersion"`
	// This text is shown to the user when the executable doesn't seem to be present
	InstallHint string `json:"installHint,omitempty" protobuf:"bytes,5,opt,name=installHint"`
}
SecretToCluster
util/db/cluster.go
// SecretToCluster builds a Cluster object from the contents of a cluster secret.
//
// The "config" key is JSON-decoded into a ClusterConfig; a decode failure is the
// only condition that aborts the conversion. A malformed refresh annotation or
// "shard" value is logged as a warning (with the secret name only) and the
// corresponding field is left nil. Labels and annotations are copied without
// the system-managed entries.
//
// NOTE(review): the decoded config presumably carries cluster credentials, so
// the returned Cluster should be treated as sensitive and not logged wholesale;
// confirm against the ClusterConfig definition.
func SecretToCluster(s *apiv1.Secret) (*appv1.Cluster, error) {
	var clusterConfig appv1.ClusterConfig
	if rawConfig := s.Data["config"]; len(rawConfig) > 0 {
		if err := json.Unmarshal(rawConfig, &clusterConfig); err != nil {
			return nil, fmt.Errorf("failed to unmarshal cluster config: %w", err)
		}
	}

	// Comma-separated list; blank entries are dropped, so the slice stays nil
	// when the key is missing or holds nothing usable.
	var nsList []string
	for _, entry := range strings.Split(string(s.Data["namespaces"]), ",") {
		trimmed := strings.TrimSpace(entry)
		if trimmed == "" {
			continue
		}
		nsList = append(nsList, trimmed)
	}

	// An unparsable refresh timestamp is not fatal: warn and leave the field nil.
	var refreshedAt *metav1.Time
	if stamp, ok := s.Annotations[appv1.AnnotationKeyRefresh]; ok {
		parsed, err := time.Parse(time.RFC3339, stamp)
		if err == nil {
			refreshedAt = &metav1.Time{Time: parsed}
		} else {
			log.Warnf("Error while parsing date in cluster secret '%s': %v", s.Name, err)
		}
	}

	// Same policy for the shard: the key only has to be present (non-nil) to be
	// parsed, and a bad value is logged rather than returned as an error.
	var shardNum *int64
	if rawShard := s.Data["shard"]; rawShard != nil {
		n, err := strconv.Atoi(string(rawShard))
		if err == nil {
			shardNum = pointer.Int64(int64(n))
		} else {
			log.Warnf("Error while parsing shard in cluster secret '%s': %v", s.Name, err)
		}
	}

	// Work on copies so the secret's own maps are never mutated, then strip the
	// secret-type label, which describes the secret rather than the cluster.
	clusterLabels := map[string]string{}
	if s.Labels != nil {
		clusterLabels = collections.CopyStringMap(s.Labels)
		delete(clusterLabels, common.LabelKeySecretType)
	}

	// The last-applied-configuration annotation can embed the whole applied
	// object; presumably it is removed so secret content does not travel with
	// the Cluster's annotations. The managed-by annotation is dropped as well.
	clusterAnnotations := map[string]string{}
	if s.Annotations != nil {
		clusterAnnotations = collections.CopyStringMap(s.Annotations)
		delete(clusterAnnotations, apiv1.LastAppliedConfigAnnotation)
		delete(clusterAnnotations, common.AnnotationKeyManagedBy)
	}

	return &appv1.Cluster{
		ID: string(s.UID),
		// Trailing slashes are trimmed from the server URL.
		Server:     strings.TrimRight(string(s.Data["server"]), "/"),
		Name:       string(s.Data["name"]),
		Namespaces: nsList,
		// Only the exact string "true" enables cluster-scoped resources.
		ClusterResources:   string(s.Data["clusterResources"]) == "true",
		Config:             clusterConfig,
		RefreshRequestedAt: refreshedAt,
		Shard:              shardNum,
		Project:            string(s.Data["project"]),
		Labels:             clusterLabels,
		Annotations:        clusterAnnotations,
	}, nil
}