数据结构

简要概述

TODO;

基于 “github.com/argoproj/argo-cd” “v2.11.3” 版本分析。

资源 argocd-cm 结构

util/settings/settings.go

配置示例

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cm
    # Matches the label selector app.kubernetes.io/part-of=argocd (partOfArgoCDSelector in
    # util/settings/settings.go), which is applied to the ConfigMaps and Secrets used to manage Argo CD.
    app.kubernetes.io/part-of: argocd
  name: argocd-cm
data:
  # Externally facing URL of Argo CD; per the ArgoCDSettings.URL comment it is used when
  # configuring SSO, and omitting it disables SSO.
  # NOTE(review): this sample uses plain http. Since SSO is built on this URL, use an https URL
  # for anything other than a lab setup.
  url: http://cd.dev.k8s.173ops.com

  # Portion of a Dex configuration, stored as a YAML string (the sample is truncated after the connector id).
  dex.config: |
    connectors:
      - type: github
        id: github    

该 ConfigMap 资源可配置的所有属性见 updateSettingsFromConfigMap 列表,完整示例见 argocd-cm.yaml

updateSettingsFromConfigMap

// Keys, names and defaults used by the settings package.
//
// Only part of these keys is read by updateSettingsFromConfigMap as listed on this page:
// the secret-bearing keys (server.secretkey, tls.crt, tls.key, webhook.*) are not read from
// the argocd-cm ConfigMap by that function.
const (
    // settingServerSignatureKey designates the key for a server secret key inside a Kubernetes secret.
    // ArgoCDSettings.ServerSignature documents the value as the key used to generate JWT tokens.
    settingServerSignatureKey = "server.secretkey"
    // gaTrackingID holds Google Analytics tracking id
    gaTrackingID = "ga.trackingid"
    // the URL for getting chat help, this will typically be your Slack channel for support
    helpChatURL = "help.chatUrl"
    // the text for getting chat help, defaults to "Chat now!"
    helpChatText = "help.chatText"
    // gaAnonymizeUsers specifies if user ids should be anonymized (hashed) before sending to Google Analytics. True unless value is set to 'false'
    gaAnonymizeUsers = "ga.anonymizeusers"
    // settingServerCertificate designates the key for the public cert used in TLS
    settingServerCertificate = "tls.crt"
    // settingServerPrivateKey designates the key for the private key used in TLS
    settingServerPrivateKey = "tls.key"
    // settingURLKey designates the key where Argo CD's external URL is set
    settingURLKey = "url"
    // repositoriesKey designates the key where ArgoCDs repositories list is set
    repositoriesKey = "repositories"
    // repositoryCredentialsKey designates the key where ArgoCDs repositories credentials list is set
    repositoryCredentialsKey = "repository.credentials"
    // helmRepositoriesKey designates the key where list of helm repositories is set
    helmRepositoriesKey = "helm.repositories"
    // settingDexConfigKey designates the key for the dex config
    settingDexConfigKey = "dex.config"
    // settingsOIDCConfigKey designates the key for OIDC config
    settingsOIDCConfigKey = "oidc.config"
    // statusBadgeEnabledKey holds the key which enables or disables status badge feature
    statusBadgeEnabledKey = "statusbadge.enabled"
    // statusBadgeRootUrlKey holds the key for the root badge URL override
    statusBadgeRootUrlKey = "statusbadge.url"
    // settingsWebhookGitHubSecretKey is the key for the GitHub shared webhook secret
    settingsWebhookGitHubSecretKey = "webhook.github.secret"
    // settingsWebhookGitLabSecretKey is the key for the GitLab shared webhook secret
    settingsWebhookGitLabSecretKey = "webhook.gitlab.secret"
    // settingsWebhookBitbucketUUIDKey is the key for Bitbucket webhook UUID
    settingsWebhookBitbucketUUIDKey = "webhook.bitbucket.uuid"
    // settingsWebhookBitbucketServerSecretKey is the key for BitbucketServer webhook secret
    settingsWebhookBitbucketServerSecretKey = "webhook.bitbucketserver.secret"
    // settingsWebhookGogsSecretKey is the key for Gogs webhook secret
    settingsWebhookGogsSecretKey = "webhook.gogs.secret"
    // settingsWebhookAzureDevOpsUsernameKey is the key for Azure DevOps webhook username
    settingsWebhookAzureDevOpsUsernameKey = "webhook.azuredevops.username"
    // settingsWebhookAzureDevOpsPasswordKey is the key for Azure DevOps webhook password
    settingsWebhookAzureDevOpsPasswordKey = "webhook.azuredevops.password"
    // settingsApplicationInstanceLabelKey is the key to configure injected app instance label key
    settingsApplicationInstanceLabelKey = "application.instanceLabelKey"
    // settingsResourceTrackingMethodKey is the key to configure tracking method for application resources
    settingsResourceTrackingMethodKey = "application.resourceTrackingMethod"
    // resourceCustomizationsKey is the key to the map of resource overrides
    resourceCustomizationsKey = "resource.customizations"
    // resourceExclusionsKey is the key to the list of excluded resources
    resourceExclusionsKey = "resource.exclusions"
    // resourceInclusionsKey is the key to the list of explicitly watched resources
    resourceInclusionsKey = "resource.inclusions"
    // resourceIgnoreResourceUpdatesEnabledKey is the key to a boolean determining whether the resourceIgnoreUpdates feature is enabled
    resourceIgnoreResourceUpdatesEnabledKey = "resource.ignoreResourceUpdatesEnabled"
    // resourceCustomLabelsKey is the key to a custom label to show in node info, if present
    resourceCustomLabelsKey = "resource.customLabels"
    // kustomizeBuildOptionsKey is a string of kustomize build parameters
    kustomizeBuildOptionsKey = "kustomize.buildOptions"
    // kustomizeVersionKeyPrefix is a kustomize version key prefix
    kustomizeVersionKeyPrefix = "kustomize.version"
    // kustomizePathPrefixKey is a kustomize path for a specific version
    kustomizePathPrefixKey = "kustomize.path"
    // anonymousUserEnabledKey is the key which enables or disables anonymous user.
    // updateSettingsFromConfigMap enables it only when the value is exactly "true".
    anonymousUserEnabledKey = "users.anonymous.enabled"
    // userSessionDurationKey is the key which specifies token expiration duration
    userSessionDurationKey = "users.session.duration"
    // resourceCompareOptionsKey is the key where diff options are configured
    resourceCompareOptionsKey = "resource.compareoptions"
    // settingUiCssURLKey designates the key for user-defined CSS URL for UI customization
    settingUiCssURLKey = "ui.cssurl"
    // settingUiBannerContentKey designates the key for content of user-defined info banner for UI
    settingUiBannerContentKey = "ui.bannercontent"
    // settingUiBannerURLKey designates the key for the link for user-defined info banner for UI
    settingUiBannerURLKey = "ui.bannerurl"
    // settingUiBannerPermanentKey designates the key for whether the banner is permanent and not closeable
    settingUiBannerPermanentKey = "ui.bannerpermanent"
    // settingUiBannerPositionKey designates the key for the position of the banner
    settingUiBannerPositionKey = "ui.bannerposition"
    // settingsBinaryUrlsKey designates the key for the argocd binary URLs
    settingsBinaryUrlsKey = "help.download"
    // globalProjectsKey designates the key for global project settings
    globalProjectsKey = "globalProjects"
    // initialPasswordSecretName is the name of the secret that will hold the initial admin password
    initialPasswordSecretName = "argocd-initial-admin-secret"
    // initialPasswordSecretField is the name of the field in initialPasswordSecretName to store the password
    initialPasswordSecretField = "password"
    // initialPasswordLength defines the length of the generated initial password
    initialPasswordLength = 16
    // externalServerTLSSecretName defines the name of the external secret holding the server's TLS certificate
    externalServerTLSSecretName = "argocd-server-tls"
    // partOfArgoCDSelector holds label selector that should be applied to config maps and secrets used to manage Argo CD
    partOfArgoCDSelector = "app.kubernetes.io/part-of=argocd"
    // settingsPasswordPatternKey is the key to configure user password regular expression
    settingsPasswordPatternKey = "passwordPattern"
    // inClusterEnabledKey is the key to configure whether to allow in-cluster server address.
    // updateSettingsFromConfigMap treats every value except "false" (including a missing key) as enabled.
    inClusterEnabledKey = "cluster.inClusterEnabled"
    // settingsServerRBACLogEnforceEnableKey is the key to configure whether logs RBAC enforcement is enabled
    settingsServerRBACLogEnforceEnableKey = "server.rbac.log.enforce.enable"
    // settingsMaxPodLogsToRender is the key for the maximum number of pod logs to render
    settingsMaxPodLogsToRender = "server.maxPodLogsToRender"
    // helmValuesFileSchemesKey is the key to configure the list of supported helm values file schemas
    helmValuesFileSchemesKey = "helm.valuesFileSchemes"
    // execEnabledKey is the key to configure whether the UI exec feature is enabled.
    // updateSettingsFromConfigMap enables it only when the value is exactly "true".
    execEnabledKey = "exec.enabled"
    // execShellsKey is the key to configure which shells are allowed for `exec` and in what order they are tried
    execShellsKey = "exec.shells"
    // oidcTLSInsecureSkipVerifyKey is the key to configure whether TLS cert verification is skipped for OIDC connections.
    // See the risk description on ArgoCDSettings.OIDCTLSInsecureSkipVerify before setting it to "true".
    oidcTLSInsecureSkipVerifyKey = "oidc.tls.insecure.skip.verify"
    // ApplicationDeepLinks is the application deep link key
    ApplicationDeepLinks = "application.links"
    // ProjectDeepLinks is the project deep link key
    ProjectDeepLinks = "project.links"
    // ResourceDeepLinks is the resource deep link key
    ResourceDeepLinks = "resource.links"
    // extensionConfig is the key read into ArgoCDSettings.ExtensionConfig (proxy extension configuration)
    extensionConfig   = "extension.config"
    // RespectRBAC is the key to configure argocd to respect rbac while watching for resources
    RespectRBAC            = "resource.respectRBAC"
    // RespectRBACValueStrict and RespectRBACValueNormal are presumably the accepted values of
    // the RespectRBAC key; their exact semantics are not visible in this listing.
    RespectRBACValueStrict = "strict"
    RespectRBACValueNormal = "normal"
)

将 ConfigMap 资源转换为 ArgoCDSettings 数据结构的方法:

// updateSettingsFromConfigMap copies the values of the argocd-cm ConfigMap into settings.
//
// A missing key reads as the empty string, so the matching string field is cleared and
// the opt-in booleans (compared against "true") end up false. Invalid values never abort
// the update: they are only reported through log.Warnf.
func updateSettingsFromConfigMap(settings *ArgoCDSettings, argoCDCM *apiv1.ConfigMap) {
    data := argoCDCM.Data
    // Opt-in switches: only the exact string "true" turns them on.
    isTrue := func(key string) bool { return data[key] == "true" }

    settings.DexConfig = data[settingDexConfigKey]
    settings.OIDCConfigRAW = data[settingsOIDCConfigKey]
    settings.KustomizeBuildOptions = data[kustomizeBuildOptionsKey]
    settings.StatusBadgeEnabled = isTrue(statusBadgeEnabledKey)
    settings.StatusBadgeRootUrl = data[statusBadgeRootUrlKey]
    settings.AnonymousUserEnabled = isTrue(anonymousUserEnabledKey)
    settings.UiCssURL = data[settingUiCssURLKey]
    settings.UiBannerContent = data[settingUiBannerContentKey]
    settings.UiBannerPermanent = isTrue(settingUiBannerPermanentKey)
    settings.UiBannerPosition = data[settingUiBannerPositionKey]
    settings.ServerRBACLogEnforceEnable = isTrue(settingsServerRBACLogEnforceEnableKey)
    settings.BinaryUrls = getDownloadBinaryUrlsFromConfigMap(argoCDCM)

    // URL validation is advisory: a value rejected by validateExternalURL is logged
    // and then stored anyway, so the warning is the only signal of a bad URL.
    externalURL := data[settingURLKey]
    if err := validateExternalURL(externalURL); err != nil {
        log.Warnf("Failed to validate URL in configmap: %v", err)
    }
    settings.URL = externalURL

    bannerURL := data[settingUiBannerURLKey]
    if err := validateExternalURL(bannerURL); err != nil {
        log.Warnf("Failed to validate UI banner URL in configmap: %v", err)
    }
    settings.UiBannerURL = bannerURL

    // Session lifetime defaults to 24h; an unparsable value keeps that default.
    settings.UserSessionDuration = time.Hour * 24
    if raw, ok := data[userSessionDurationKey]; ok {
        parsed, err := timeutil.ParseDuration(raw)
        if err == nil {
            settings.UserSessionDuration = *parsed
        } else {
            log.Warnf("Failed to parse '%s' key: %v", userSessionDurationKey, err)
        }
    }

    // An empty or missing password pattern falls back to the package default.
    settings.PasswordPattern = common.PasswordPatten
    if pattern := data[settingsPasswordPatternKey]; pattern != "" {
        settings.PasswordPattern = pattern
    }

    // MaxPodLogsToRender is left untouched when the key is missing or not a base-10 int64.
    if raw, ok := data[settingsMaxPodLogsToRender]; ok {
        limit, err := strconv.ParseInt(raw, 10, 64)
        if err == nil {
            settings.MaxPodLogsToRender = limit
        } else {
            log.Warnf("Failed to parse '%s' key: %v", settingsMaxPodLogsToRender, err)
        }
    }

    // Opt-out switch: the in-cluster address is allowed unless the value is exactly "false".
    settings.InClusterEnabled = data[inClusterEnabledKey] != "false"
    settings.ExecEnabled = isTrue(execEnabledKey)

    // Default shell list. If you change this list, also change docs/operator-manual/argocd-cm.yaml.
    settings.ExecShells = []string{"bash", "sh", "powershell", "cmd"}
    if shells := data[execShellsKey]; shells != "" {
        // Split on commas only; surrounding whitespace is kept as part of each entry.
        settings.ExecShells = strings.Split(shells, ",")
    }

    settings.TrackingMethod = data[settingsResourceTrackingMethodKey]
    settings.OIDCTLSInsecureSkipVerify = isTrue(oidcTLSInsecureSkipVerifyKey)
    settings.ExtensionConfig = data[extensionConfig]
}

ArgoCDSettings

// ArgoCDSettings holds in-memory runtime configuration options.
//
// NOTE(review): Certificate and CertificateIsExternal are tagged `json:"-"`, but
// ServerSignature, the Webhook* credentials and Secrets carry ordinary JSON tags, so
// marshalling this struct with encoding/json includes them whenever they are set.
// Treat a marshalled ArgoCDSettings as secret material (do not log or return it as-is).
type ArgoCDSettings struct {
    // URL is the externally facing URL users will visit to reach Argo CD.
    // The value here is used when configuring SSO. Omitting this value will disable SSO.
    URL string `json:"url,omitempty"`
    // Indicates if status badge is enabled or not.
    StatusBadgeEnabled bool `json:"statusBadgeEnable"`
    // Indicates if status badge custom root URL should be used.
    StatusBadgeRootUrl string `json:"statusBadgeRootUrl,omitempty"`
    // DexConfig contains portions of a dex config yaml
    DexConfig string `json:"dexConfig,omitempty"`
    // OIDCConfigRAW holds OIDC configuration as a raw string
    OIDCConfigRAW string `json:"oidcConfig,omitempty"`
    // ServerSignature holds the key used to generate JWT tokens.
    ServerSignature []byte `json:"serverSignature,omitempty"`
    // Certificate holds the certificate/private key for the Argo CD API server.
    // If nil, will run insecure without TLS.
    Certificate *tls.Certificate `json:"-"`
    // CertificateIsExternal indicates whether Certificate was loaded from external secret
    CertificateIsExternal bool `json:"-"`
    // WebhookGitHubSecret holds the shared secret for authenticating GitHub webhook events
    WebhookGitHubSecret string `json:"webhookGitHubSecret,omitempty"`
    // WebhookGitLabSecret holds the shared secret for authenticating GitLab webhook events
    WebhookGitLabSecret string `json:"webhookGitLabSecret,omitempty"`
    // WebhookBitbucketUUID holds the UUID for authenticating Bitbucket webhook events
    WebhookBitbucketUUID string `json:"webhookBitbucketUUID,omitempty"`
    // WebhookBitbucketServerSecret holds the shared secret for authenticating BitbucketServer webhook events
    WebhookBitbucketServerSecret string `json:"webhookBitbucketServerSecret,omitempty"`
    // WebhookGogsSecret holds the shared secret for authenticating Gogs webhook events
    WebhookGogsSecret string `json:"webhookGogsSecret,omitempty"`
    // WebhookAzureDevOpsUsername holds the username for authenticating Azure DevOps webhook events
    WebhookAzureDevOpsUsername string `json:"webhookAzureDevOpsUsername,omitempty"`
    // WebhookAzureDevOpsPassword holds the password for authenticating Azure DevOps webhook events
    WebhookAzureDevOpsPassword string `json:"webhookAzureDevOpsPassword,omitempty"`
    // Secrets holds all secrets in argocd-secret as a map[string]string
    Secrets map[string]string `json:"secrets,omitempty"`
    // KustomizeBuildOptions is a string of kustomize build parameters
    KustomizeBuildOptions string `json:"kustomizeBuildOptions,omitempty"`
    // Indicates if anonymous user is enabled or not
    AnonymousUserEnabled bool `json:"anonymousUserEnabled,omitempty"`
    // Specifies token expiration duration
    UserSessionDuration time.Duration `json:"userSessionDuration,omitempty"`
    // UiCssURL local or remote path to user-defined CSS to customize ArgoCD UI
    UiCssURL string `json:"uiCssURL,omitempty"`
    // Content of UI Banner
    UiBannerContent string `json:"uiBannerContent,omitempty"`
    // URL for UI Banner
    UiBannerURL string `json:"uiBannerURL,omitempty"`
    // Make Banner permanent and not closeable
    UiBannerPermanent bool `json:"uiBannerPermanent,omitempty"`
    // Position of UI Banner
    UiBannerPosition string `json:"uiBannerPosition,omitempty"`
    // PasswordPattern for password regular expression
    PasswordPattern string `json:"passwordPattern,omitempty"`
    // BinaryUrls contains the URLs for downloading argocd binaries
    BinaryUrls map[string]string `json:"binaryUrls,omitempty"`
    // InClusterEnabled indicates whether to allow in-cluster server address
    InClusterEnabled bool `json:"inClusterEnabled"`
    // ServerRBACLogEnforceEnable temporary var indicates whether rbac will be enforced on logs
    ServerRBACLogEnforceEnable bool `json:"serverRBACLogEnforceEnable"`
    // MaxPodLogsToRender the maximum number of pod logs to render
    MaxPodLogsToRender int64 `json:"maxPodLogsToRender"`
    // ExecEnabled indicates whether the UI exec feature is enabled
    ExecEnabled bool `json:"execEnabled"`
    // ExecShells restricts which shells are allowed for `exec` and in which order they are tried
    ExecShells []string `json:"execShells"`
    // TrackingMethod defines the resource tracking method to be used
    TrackingMethod string `json:"application.resourceTrackingMethod,omitempty"`
    // OIDCTLSInsecureSkipVerify determines whether certificate verification is skipped when verifying tokens with the
    // configured OIDC provider (either external or the bundled Dex instance). Setting this to `true` will cause JWT
    // token verification to pass despite the OIDC provider having an invalid certificate. Only set to `true` if you
    // understand the risks.
    OIDCTLSInsecureSkipVerify bool `json:"oidcTLSInsecureSkipVerify"`
    // AppsInAnyNamespaceEnabled indicates whether applications are allowed to be created in any namespace
    AppsInAnyNamespaceEnabled bool `json:"appsInAnyNamespaceEnabled"`
    // ExtensionConfig configurations related to ArgoCD proxy extensions. The value
    // is a yaml string defined in extension.ExtensionConfigs struct.
    ExtensionConfig string `json:"extensionConfig,omitempty"`
}

资源 applications 结构

Application

// Application is a definition of Application resource.
// It embeds the standard Kubernetes type and object metadata and carries the desired
// state (Spec), the observed state (Status) and an optional Operation.
type Application struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
    // Spec is the desired application state (see ApplicationSpec).
    Spec              ApplicationSpec   `json:"spec" protobuf:"bytes,2,opt,name=spec"`
    // Status is the status information for the application (see ApplicationStatus).
    Status            ApplicationStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
    // Operation is optional (nil when unset); the Operation type is not shown in this listing.
    Operation         *Operation        `json:"operation,omitempty" protobuf:"bytes,4,opt,name=operation"`
}

ApplicationSpec

// ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision.
type ApplicationSpec struct {
    // Source is a reference to the location of the application's manifests or chart
    // The state the user wants the application to run in, written as YAML and stored in a Git service.
    Source *ApplicationSource `json:"source,omitempty" protobuf:"bytes,1,opt,name=source"`
    // Destination is a reference to the target Kubernetes server and namespace
    // Which Kubernetes cluster, and which namespace on it, the application should be deployed to.
    Destination ApplicationDestination `json:"destination" protobuf:"bytes,2,name=destination"`
    // Project is a reference to the project this application belongs to.
    // The empty string means that application belongs to the 'default' project.
    // The project associated with this application; the project is what controls permissions.
    Project string `json:"project" protobuf:"bytes,3,name=project"`
    // SyncPolicy controls when and how a sync will be performed
    // The sync strategy applied when the desired state differs from the actual state in the cluster.
    SyncPolicy *SyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"`
    // IgnoreDifferences is a list of resources and their fields which should be ignored during comparison
    IgnoreDifferences IgnoreDifferences `json:"ignoreDifferences,omitempty" protobuf:"bytes,5,name=ignoreDifferences"`
    // Info contains a list of information (URLs, email addresses, and plain text) that relates to the application
    // Additional user-defined information.
    Info []Info `json:"info,omitempty" protobuf:"bytes,6,name=info"`
    // RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
    // This should only be changed in exceptional circumstances.
    // Setting to zero will store no history. This will reduce storage used.
    // Increasing will increase the space used to store the history, so we do not recommend increasing it.
    // Default is 10.
    // Number of history entries kept for rollback.
    RevisionHistoryLimit *int64 `json:"revisionHistoryLimit,omitempty" protobuf:"bytes,7,name=revisionHistoryLimit"`

    // Sources is a reference to the location of the application's manifests or chart
    // The application's YAML is assembled from several Git locations, for example to keep the
    // parts owned by operations and by development separate.
    Sources ApplicationSources `json:"sources,omitempty" protobuf:"bytes,8,opt,name=sources"`
}

ApplicationStatus

// ApplicationStatus contains status information for the application.
// Every field is tagged omitempty; the pointer fields (ReconciledAt, OperationState,
// ObservedAt) are nil when they have not been set.
type ApplicationStatus struct {
    // Resources is a list of Kubernetes resources managed by this application
    Resources []ResourceStatus `json:"resources,omitempty" protobuf:"bytes,1,opt,name=resources"`
    // Sync contains information about the application's current sync status
    Sync SyncStatus `json:"sync,omitempty" protobuf:"bytes,2,opt,name=sync"`
    // Health contains information about the application's current health status
    Health HealthStatus `json:"health,omitempty" protobuf:"bytes,3,opt,name=health"`
    // History contains information about the application's sync history
    History RevisionHistories `json:"history,omitempty" protobuf:"bytes,4,opt,name=history"`
    // Conditions is a list of currently observed application conditions
    Conditions []ApplicationCondition `json:"conditions,omitempty" protobuf:"bytes,5,opt,name=conditions"`
    // ReconciledAt indicates when the application state was reconciled using the latest git version
    ReconciledAt *metav1.Time `json:"reconciledAt,omitempty" protobuf:"bytes,6,opt,name=reconciledAt"`
    // OperationState contains information about any ongoing operations, such as a sync
    OperationState *OperationState `json:"operationState,omitempty" protobuf:"bytes,7,opt,name=operationState"`
    // ObservedAt indicates when the application state was updated without querying latest git state
    // Deprecated: controller no longer updates ObservedAt field
    ObservedAt *metav1.Time `json:"observedAt,omitempty" protobuf:"bytes,8,opt,name=observedAt"`
    // SourceType specifies the type of this application
    SourceType ApplicationSourceType `json:"sourceType,omitempty" protobuf:"bytes,9,opt,name=sourceType"`
    // Summary contains a list of URLs and container images used by this application
    Summary ApplicationSummary `json:"summary,omitempty" protobuf:"bytes,10,opt,name=summary"`
    // ResourceHealthSource indicates where the resource health status is stored: inline if not set or appTree
    ResourceHealthSource ResourceHealthLocation `json:"resourceHealthSource,omitempty" protobuf:"bytes,11,opt,name=resourceHealthSource"`
    // SourceTypes specifies the type of the sources included in the application
    SourceTypes []ApplicationSourceType `json:"sourceTypes,omitempty" protobuf:"bytes,12,opt,name=sourceTypes"`
    // ControllerNamespace indicates the namespace in which the application controller is located
    ControllerNamespace string `json:"controllerNamespace,omitempty" protobuf:"bytes,13,opt,name=controllerNamespace"`
}

ApplicationSource

// ApplicationSource contains all required information about the source of an application
type ApplicationSource struct {
    // RepoURL is the URL to the repository (Git or Helm) that contains the application manifests
    // Address of the Git or Helm repository.
    RepoURL string `json:"repoURL" protobuf:"bytes,1,opt,name=repoURL"`
    // Path is a directory path within the Git repository, and is only valid for applications sourced from Git.
    // Only valid for Git repositories: the sub-path inside the repository where the YAML files live.
    Path string `json:"path,omitempty" protobuf:"bytes,2,opt,name=path"`
    // TargetRevision defines the revision of the source to sync the application to.
    // In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
    // In case of Helm, this is a semver tag for the Chart's version.
    // NOTE(review): HEAD and branch names are moving references, so what gets deployed changes
    // with every push; pin a commit where deployments must be reproducible and reviewed.
    TargetRevision string `json:"targetRevision,omitempty" protobuf:"bytes,4,opt,name=targetRevision"`
    // Helm holds helm specific options
    Helm *ApplicationSourceHelm `json:"helm,omitempty" protobuf:"bytes,7,opt,name=helm"`
    // Kustomize holds kustomize specific options
    Kustomize *ApplicationSourceKustomize `json:"kustomize,omitempty" protobuf:"bytes,8,opt,name=kustomize"`
    // Directory holds path/directory specific options
    Directory *ApplicationSourceDirectory `json:"directory,omitempty" protobuf:"bytes,10,opt,name=directory"`
    // Plugin holds config management plugin specific options
    Plugin *ApplicationSourcePlugin `json:"plugin,omitempty" protobuf:"bytes,11,opt,name=plugin"`
    // Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.
    Chart string `json:"chart,omitempty" protobuf:"bytes,12,opt,name=chart"`
    // Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.
    Ref string `json:"ref,omitempty" protobuf:"bytes,13,opt,name=ref"`
}

ApplicationDestination

// ApplicationDestination holds information about the application's destination
type ApplicationDestination struct {
    // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.
    // URL of the Kubernetes control plane; set either this or Name.
    Server string `json:"server,omitempty" protobuf:"bytes,1,opt,name=server"`
    // Namespace specifies the target namespace for the application's resources.
    // The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
    // Target namespace of the deployment.
    Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
    // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.
    // Name of the Kubernetes control plane; set either this or Server.
    Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`

    // isServerInferred is unexported and tagged `json:"-"`, so it is never serialized.
    // Its name suggests it records that Server was derived rather than given - TODO confirm.
    // nolint:govet
    isServerInferred bool `json:"-"`
}

SyncPolicy

// SyncPolicy controls when a sync will be performed in response to updates in git
type SyncPolicy struct {
    // Automated will keep an application synced to the target revision
    // Automated sync strategy between the Kubernetes resources and the desired state in the Git source.
    Automated *SyncPolicyAutomated `json:"automated,omitempty" protobuf:"bytes,1,opt,name=automated"`
    // Options allow you to specify whole app sync-options
    SyncOptions SyncOptions `json:"syncOptions,omitempty" protobuf:"bytes,2,opt,name=syncOptions"`
    // Retry controls failed sync retry behavior
    Retry *RetryStrategy `json:"retry,omitempty" protobuf:"bytes,3,opt,name=retry"`
    // ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true)
    ManagedNamespaceMetadata *ManagedNamespaceMetadata `json:"managedNamespaceMetadata,omitempty" protobuf:"bytes,4,opt,name=managedNamespaceMetadata"`
    // If you add a field here, be sure to update IsZero.
}

// SyncPolicyAutomated controls the behavior of an automated sync.
// All three switches default to false, so deleting, reverting and emptying are opt-in.
type SyncPolicyAutomated struct {
    // Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)
    // After an administrator removes resources from the Git source, whether Argo CD may delete
    // the now-surplus resources from the cluster during sync.
    Prune bool `json:"prune,omitempty" protobuf:"bytes,1,opt,name=prune"`
    // SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)
    // When an administrator edits resources by hand in the cluster so that they no longer match
    // the Git source, they are restored to the desired state right away.
    SelfHeal bool `json:"selfHeal,omitempty" protobuf:"bytes,2,opt,name=selfHeal"`
    // AllowEmpty allows apps have zero live resources (default: false)
    // Whether an application with no resources is allowed, e.g. whether a sync may proceed when
    // the YAML has been removed from the Git source repository and nothing is left.
    AllowEmpty bool `json:"allowEmpty,omitempty" protobuf:"bytes,3,opt,name=allowEmpty"`
}

// SyncOptions is a list of sync option strings; SyncPolicy.SyncOptions uses it to
// specify sync options for the whole application.
type SyncOptions []string

// RetryStrategy contains information about the strategy to apply when a sync failed
type RetryStrategy struct {
    // Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.
    Limit int64 `json:"limit,omitempty" protobuf:"bytes,1,opt,name=limit"`
    // Backoff controls how to backoff on subsequent retries of failed syncs.
    // Optional: nil when no backoff is configured.
    Backoff *Backoff `json:"backoff,omitempty" protobuf:"bytes,2,opt,name=backoff,casttype=Backoff"`
}

// Backoff is the backoff strategy to use on subsequent retries for failing syncs.
// Duration and MaxDuration are kept as plain strings here; they are parsed outside this listing.
type Backoff struct {
    // Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
    Duration string `json:"duration,omitempty" protobuf:"bytes,1,opt,name=duration"`
    // Factor is a factor to multiply the base duration after each failed retry.
    // Optional: nil when unset.
    Factor *int64 `json:"factor,omitempty" protobuf:"bytes,2,name=factor"`
    // MaxDuration is the maximum amount of time allowed for the backoff strategy
    MaxDuration string `json:"maxDuration,omitempty" protobuf:"bytes,3,opt,name=maxDuration"`
}

// ManagedNamespaceMetadata holds the labels and annotations referenced by
// SyncPolicy.ManagedNamespaceMetadata, which controls metadata in the given namespace
// (if CreateNamespace=true).
type ManagedNamespaceMetadata struct {
    // Labels are the labels for the managed namespace.
    Labels      map[string]string `json:"labels,omitempty" protobuf:"bytes,1,opt,name=labels"`
    // Annotations are the annotations for the managed namespace.
    Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,2,opt,name=annotations"`
}

IgnoreDifferences

// IgnoreDifferences is a list of ResourceIgnoreDifferences entries; ApplicationSpec.IgnoreDifferences
// uses it for the resources and fields that are ignored during comparison.
type IgnoreDifferences []ResourceIgnoreDifferences

// ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.
//
// NOTE(review): every entry hides drift from the diff, so a broad filter or path can mask
// unexpected changes to live resources; keep entries as narrow as the use case allows.
type ResourceIgnoreDifferences struct {
    // Group, Kind, Name and Namespace presumably form the resource filter named in the
    // type comment; only Kind lacks omitempty in its JSON tag.
    Group             string   `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
    Kind              string   `json:"kind" protobuf:"bytes,2,opt,name=kind"`
    Name              string   `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
    Namespace         string   `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"`
    // JSONPointers and JQPathExpressions list the paths to ignore, presumably as JSON
    // pointers and jq path expressions respectively (inferred from the names).
    JSONPointers      []string `json:"jsonPointers,omitempty" protobuf:"bytes,5,opt,name=jsonPointers"`
    JQPathExpressions []string `json:"jqPathExpressions,omitempty" protobuf:"bytes,6,opt,name=jqPathExpressions"`
    // ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
    // desired state defined in the SCM and won't be displayed in diffs
    ManagedFieldsManagers []string `json:"managedFieldsManagers,omitempty" protobuf:"bytes,7,opt,name=managedFieldsManagers"`
}

Info

// Info is a name/value pair; ApplicationSpec.Info holds a list of them with information
// (URLs, email addresses, and plain text) that relates to the application.
type Info struct {
    // Name is the label of the entry.
    Name  string `json:"name" protobuf:"bytes,1,name=name"`
    // Value is the content of the entry.
    Value string `json:"value" protobuf:"bytes,2,name=value"`
}

ApplicationSources

// ApplicationSources contains list of required information about the sources of an application.
// It is a slice of ApplicationSource and is the type of ApplicationSpec.Sources.
type ApplicationSources []ApplicationSource

ApplicationSourceHelm

// ApplicationSourceHelm holds helm specific options
type ApplicationSourceHelm struct {
    // ValueFiles is a list of Helm value files to use when generating a template
    ValueFiles []string `json:"valueFiles,omitempty" protobuf:"bytes,1,opt,name=valueFiles"`
    // Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation
    Parameters []HelmParameter `json:"parameters,omitempty" protobuf:"bytes,2,opt,name=parameters"`
    // ReleaseName is the Helm release name to use. If omitted it will use the application name
    ReleaseName string `json:"releaseName,omitempty" protobuf:"bytes,3,opt,name=releaseName"`
    // Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.
    // +patchStrategy=replace
    Values string `json:"values,omitempty" patchStrategy:"replace" protobuf:"bytes,4,opt,name=values"`
    // FileParameters are file parameters to the helm template
    FileParameters []HelmFileParameter `json:"fileParameters,omitempty" protobuf:"bytes,5,opt,name=fileParameters"`
    // Version is the Helm version to use for templating ("3")
    Version string `json:"version,omitempty" protobuf:"bytes,6,opt,name=version"`
    // PassCredentials pass credentials to all domains (Helm's --pass-credentials)
    // NOTE(review): with this set, repository credentials are no longer limited to the
    // repository's own domain; leave it false unless a chart genuinely needs it.
    PassCredentials bool `json:"passCredentials,omitempty" protobuf:"bytes,7,opt,name=passCredentials"`
    // IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values
    IgnoreMissingValueFiles bool `json:"ignoreMissingValueFiles,omitempty" protobuf:"bytes,8,opt,name=ignoreMissingValueFiles"`
    // SkipCrds skips custom resource definition installation step (Helm's --skip-crds)
    SkipCrds bool `json:"skipCrds,omitempty" protobuf:"bytes,9,opt,name=skipCrds"`
    // ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.
    // +kubebuilder:pruning:PreserveUnknownFields
    ValuesObject *runtime.RawExtension `json:"valuesObject,omitempty" protobuf:"bytes,10,opt,name=valuesObject"`
}

ApplicationSourceKustomize

// ApplicationSourceKustomize holds the Kustomize-specific options of an Application source.
// Every field is tagged omitempty, so unset options are left out of the serialized object.
type ApplicationSourceKustomize struct {
    // NamePrefix is a prefix appended to resources for Kustomize apps
    NamePrefix string `json:"namePrefix,omitempty" protobuf:"bytes,1,opt,name=namePrefix"`
    // NameSuffix is a suffix appended to resources for Kustomize apps
    NameSuffix string `json:"nameSuffix,omitempty" protobuf:"bytes,2,opt,name=nameSuffix"`
    // Images is a list of Kustomize image override specifications.
    // NOTE(review): overrides change which container images end up in the rendered
    // manifests, so review them like any other image reference.
    Images KustomizeImages `json:"images,omitempty" protobuf:"bytes,3,opt,name=images"`
    // CommonLabels is a map of additional labels to add to rendered manifests
    CommonLabels map[string]string `json:"commonLabels,omitempty" protobuf:"bytes,4,opt,name=commonLabels"`
    // Version controls which version of Kustomize to use for rendering manifests
    Version string `json:"version,omitempty" protobuf:"bytes,5,opt,name=version"`
    // CommonAnnotations is a map of additional annotations to add to rendered manifests
    CommonAnnotations map[string]string `json:"commonAnnotations,omitempty" protobuf:"bytes,6,opt,name=commonAnnotations"`
    // ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
    ForceCommonLabels bool `json:"forceCommonLabels,omitempty" protobuf:"bytes,7,opt,name=forceCommonLabels"`
    // ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
    ForceCommonAnnotations bool `json:"forceCommonAnnotations,omitempty" protobuf:"bytes,8,opt,name=forceCommonAnnotations"`
    // Namespace sets the namespace that Kustomize adds to all resources
    Namespace string `json:"namespace,omitempty" protobuf:"bytes,9,opt,name=namespace"`
    // CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values.
    // NOTE(review): which environment the substitution reads from is not visible
    // here — confirm it cannot pull in values that should stay private.
    CommonAnnotationsEnvsubst bool `json:"commonAnnotationsEnvsubst,omitempty" protobuf:"bytes,10,opt,name=commonAnnotationsEnvsubst"`
    // Replicas is a list of Kustomize Replicas override specifications
    Replicas KustomizeReplicas `json:"replicas,omitempty" protobuf:"bytes,11,opt,name=replicas"`
    // Patches is a list of Kustomize patches
    Patches KustomizePatches `json:"patches,omitempty" protobuf:"bytes,12,opt,name=patches"`
    // Components specifies a list of kustomize components to add to the kustomization before building
    Components []string `json:"components,omitempty" protobuf:"bytes,13,rep,name=components"`
    // LabelWithoutSelector specifies whether to apply common labels to resource selectors or not
    LabelWithoutSelector bool `json:"labelWithoutSelector,omitempty" protobuf:"bytes,14,opt,name=labelWithoutSelector"`
}

ApplicationSourceDirectory

// ApplicationSourceDirectory holds options for applications of type plain YAML or Jsonnet.
type ApplicationSourceDirectory struct {
    // Recurse specifies whether to scan a directory recursively for manifests
    Recurse bool `json:"recurse,omitempty" protobuf:"bytes,1,opt,name=recurse"`
    // Jsonnet holds options specific to Jsonnet.
    // It is a struct value, so encoding/json's omitempty does not drop it when empty.
    Jsonnet ApplicationSourceJsonnet `json:"jsonnet,omitempty" protobuf:"bytes,2,opt,name=jsonnet"`
    // Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation
    Exclude string `json:"exclude,omitempty" protobuf:"bytes,3,opt,name=exclude"`
    // Include contains a glob pattern to match paths against that should be explicitly included during manifest generation.
    // NOTE(review): how Include and Exclude interact when both match is not visible here — confirm.
    Include string `json:"include,omitempty" protobuf:"bytes,4,opt,name=include"`
}

ApplicationSourcePlugin

// ApplicationSourcePlugin holds options specific to config management plugins.
//
// Members, as far as the declaration shows:
//   - Name: a string serialized as "name"; presumably selects the plugin — TODO confirm.
//   - Env: an embedded type (declared elsewhere) serialized as "env".
//   - Parameters: plugin parameters, serialized as "parameters".
//
// NOTE(review): Env and Parameters are presumably handed to the plugin at
// manifest-generation time; if less-privileged users can author Applications,
// treat these values as untrusted input on the plugin side — confirm.
type ApplicationSourcePlugin struct {
    Name       string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
    Env        `json:"env,omitempty" protobuf:"bytes,2,opt,name=env"`
    Parameters ApplicationSourcePluginParameters `json:"parameters,omitempty" protobuf:"bytes,3,opt,name=parameters"`
}

ResourceStatus

// ResourceStatus holds the current sync and health status of a resource.
//
// Members, as far as the declaration shows:
//   - Group, Version, Kind, Namespace, Name: strings that presumably identify
//     the resource (API group/version/kind plus object key) — TODO confirm.
//   - Status: the resource's sync status code (SyncStatusCode).
//   - Health: optional pointer to the resource's HealthStatus; omitted from JSON when nil.
//   - Hook, RequiresPruning, SyncWave: not described in this listing; presumably
//     whether the resource is a hook, whether it is pending pruning, and its
//     sync-wave ordering value — TODO confirm against the controller.
//
// TODO: replace the hedged notes above with confirmed member descriptions
type ResourceStatus struct {
    Group           string         `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
    Version         string         `json:"version,omitempty" protobuf:"bytes,2,opt,name=version"`
    Kind            string         `json:"kind,omitempty" protobuf:"bytes,3,opt,name=kind"`
    Namespace       string         `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"`
    Name            string         `json:"name,omitempty" protobuf:"bytes,5,opt,name=name"`
    Status          SyncStatusCode `json:"status,omitempty" protobuf:"bytes,6,opt,name=status"`
    Health          *HealthStatus  `json:"health,omitempty" protobuf:"bytes,7,opt,name=health"`
    Hook            bool           `json:"hook,omitempty" protobuf:"bytes,8,opt,name=hook"`
    RequiresPruning bool           `json:"requiresPruning,omitempty" protobuf:"bytes,9,opt,name=requiresPruning"`
    SyncWave        int64          `json:"syncWave,omitempty" protobuf:"bytes,10,opt,name=syncWave"`
}

SyncStatus

// SyncStatus contains information about the currently observed live and desired states of an application.
type SyncStatus struct {
    // Status is the sync state of the comparison.
    // The json tag has no omitempty, so the key is always serialized.
    Status SyncStatusCode `json:"status" protobuf:"bytes,1,opt,name=status,casttype=SyncStatusCode"`
    // ComparedTo contains information about what has been compared
    // +patchStrategy=replace
    ComparedTo ComparedTo `json:"comparedTo,omitempty" protobuf:"bytes,2,opt,name=comparedTo" patchStrategy:"replace"`
    // Revision contains information about the revision the comparison has been performed to
    Revision string `json:"revision,omitempty" protobuf:"bytes,3,opt,name=revision"`
    // Revisions contains information about the revisions of multiple sources the comparison has been performed to.
    // NOTE(review): presumably used instead of Revision for multi-source applications — confirm.
    Revisions []string `json:"revisions,omitempty" protobuf:"bytes,4,opt,name=revisions"`
}

HealthStatus

// HealthStatus contains information about the currently observed health state of an application or resource.
type HealthStatus struct {
    // Status holds the status code of the application or resource.
    // The code type comes from the imported health package.
    Status health.HealthStatusCode `json:"status,omitempty" protobuf:"bytes,1,opt,name=status"`
    // Message is a human-readable informational message describing the health status
    Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"`
}

资源 appprojects 结构

AppProject

// AppProject provides a logical grouping of applications. Judging by the
// fields of AppProjectSpec, it provides controls for:
//   - where applications may deploy to (Destinations)
//   - what may be deployed (SourceRepos, cluster/namespace resource allow- and deny-lists)
//   - who may act on the project and how (Roles with policies, groups and JWT tokens)
//   - when syncs may run (SyncWindows) and which commit signatures are required (SignatureKeys)
type AppProject struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
    Spec              AppProjectSpec   `json:"spec" protobuf:"bytes,2,opt,name=spec"`
    Status            AppProjectStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}

AppProjectSpec

// AppProjectSpec is the specification of an AppProject.
//
// Most fields are allow- or deny-lists that bound what applications in the
// project may do, so keep each entry as narrow as the project needs.
type AppProjectSpec struct {
    // SourceRepos contains list of repository URLs which can be used for deployment
    // (the git repositories this project is allowed to deploy from)
    SourceRepos []string `json:"sourceRepos,omitempty" protobuf:"bytes,1,name=sourceRepos"`
    // Destinations contains list of destinations available for deployment
    // (the k8s target clusters this project is allowed to deploy to).
    // The protobuf tag names this field "destination" (singular); keep it as is.
    Destinations []ApplicationDestination `json:"destinations,omitempty" protobuf:"bytes,2,name=destination"`
    // Description contains optional project description
    Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"`
    // Roles are user defined RBAC roles associated with this project
    // (they define the project's permissions)
    Roles []ProjectRole `json:"roles,omitempty" protobuf:"bytes,4,rep,name=roles"`
    // ClusterResourceWhitelist contains list of whitelisted cluster level resources
    // (allow-list for cluster-scoped resources)
    ClusterResourceWhitelist []metav1.GroupKind `json:"clusterResourceWhitelist,omitempty" protobuf:"bytes,5,opt,name=clusterResourceWhitelist"`
    // NamespaceResourceBlacklist contains list of blacklisted namespace level resources
    // (deny-list for namespace-scoped resources)
    NamespaceResourceBlacklist []metav1.GroupKind `json:"namespaceResourceBlacklist,omitempty" protobuf:"bytes,6,opt,name=namespaceResourceBlacklist"`
    // OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
    OrphanedResources *OrphanedResourcesMonitorSettings `json:"orphanedResources,omitempty" protobuf:"bytes,7,opt,name=orphanedResources"`
    // SyncWindows controls when syncs can be run for apps in this project
    // (the time ranges in which applications of this project may be synced)
    SyncWindows SyncWindows `json:"syncWindows,omitempty" protobuf:"bytes,8,opt,name=syncWindows"`
    // NamespaceResourceWhitelist contains list of whitelisted namespace level resources
    // (allow-list for namespace-scoped resources)
    NamespaceResourceWhitelist []metav1.GroupKind `json:"namespaceResourceWhitelist,omitempty" protobuf:"bytes,9,opt,name=namespaceResourceWhitelist"`
    // SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync.
    // NOTE(review): presumably an empty list means no signature is required — confirm.
    SignatureKeys []SignatureKey `json:"signatureKeys,omitempty" protobuf:"bytes,10,opt,name=signatureKeys"`
    // ClusterResourceBlacklist contains list of blacklisted cluster level resources
    // (deny-list for cluster-scoped resources)
    ClusterResourceBlacklist []metav1.GroupKind `json:"clusterResourceBlacklist,omitempty" protobuf:"bytes,11,opt,name=clusterResourceBlacklist"`
    // SourceNamespaces defines the namespaces application resources are allowed to be created in.
    // When applications in multiple namespaces are enabled, this lets applications
    // outside the "argocd" namespace be associated with this project.
    SourceNamespaces []string `json:"sourceNamespaces,omitempty" protobuf:"bytes,12,opt,name=sourceNamespaces"`
    // PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped
    PermitOnlyProjectScopedClusters bool `json:"permitOnlyProjectScopedClusters,omitempty" protobuf:"bytes,13,opt,name=permitOnlyProjectScopedClusters"`
}

AppProjectStatus

// AppProjectStatus contains status information for AppProject CRs.
type AppProjectStatus struct {
    // JWTTokensByRole contains a list of JWT tokens issued for a given role.
    // NOTE(review): the map key is presumably the role name — confirm.
    JWTTokensByRole map[string]JWTTokens `json:"jwtTokensByRole,omitempty" protobuf:"bytes,1,opt,name=jwtTokensByRole"`
}

ProjectRole

// ProjectRole represents a role that has access to a project.
type ProjectRole struct {
    // Name is a name for this role. The json tag has no omitempty, so it is always serialized.
    Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
    // Description is a description of the role
    Description string `json:"description,omitempty" protobuf:"bytes,2,opt,name=description"`
    // Policies stores a list of casbin formatted strings that define access policies for the role in the project
    Policies []string `json:"policies,omitempty" protobuf:"bytes,3,rep,name=policies"`
    // JWTTokens are a list of generated JWT tokens bound to this role.
    // Each entry is a JWTToken, which records only iat, exp and id — there is
    // no field for the signed token string itself.
    JWTTokens []JWTToken `json:"jwtTokens,omitempty" protobuf:"bytes,4,rep,name=jwtTokens"`
    // Groups are a list of OIDC group claims bound to this role
    Groups []string `json:"groups,omitempty" protobuf:"bytes,5,rep,name=groups"`
}

// JWTToken holds the issuedAt and expiresAt values of a token, plus an ID.
//
// The JSON keys "iat" and "exp" match the registered JWT claim names; the
// values are presumably seconds since the Unix epoch — TODO confirm.
// "exp" is tagged omitempty, so a zero ExpiresAt is not serialized.
// NOTE(review): a zero/absent expiry presumably means the token does not
// expire — confirm, and prefer issuing tokens with an expiry.
type JWTToken struct {
    IssuedAt  int64  `json:"iat" protobuf:"int64,1,opt,name=iat"`
    ExpiresAt int64  `json:"exp,omitempty" protobuf:"int64,2,opt,name=exp"`
    ID        string `json:"id,omitempty" protobuf:"bytes,3,opt,name=id"`
}

metav1.GroupKind

GroupKind

OrphanedResourcesMonitorSettings

// OrphanedResourcesMonitorSettings holds settings of orphaned resources monitoring.
type OrphanedResourcesMonitorSettings struct {
    // Warn indicates if warning condition should be created for apps which have orphaned resources.
    // It is a pointer, so "not set" (nil) is distinguishable from an explicit false;
    // the behavior for nil is decided elsewhere — TODO confirm the default.
    Warn *bool `json:"warn,omitempty" protobuf:"bytes,1,name=warn"`
    // Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
    Ignore []OrphanedResourceKey `json:"ignore,omitempty" protobuf:"bytes,2,opt,name=ignore"`
}

// OrphanedResourceKey is a reference to a resource to be ignored from
// orphaned resources monitoring (it is the element type of
// OrphanedResourcesMonitorSettings.Ignore).
//
// NOTE(review): how empty fields or patterns in Group, Kind and Name are
// matched is not visible here — confirm before relying on broad entries.
type OrphanedResourceKey struct {
    Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
    Kind  string `json:"kind,omitempty" protobuf:"bytes,2,opt,name=kind"`
    Name  string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
}

SyncWindows

// SyncWindows is a collection of sync windows in this project.
// It is a slice of pointers, so individual entries can be nil.
type SyncWindows []*SyncWindow

// SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps.
type SyncWindow struct {
    // Kind defines if the window allows or blocks syncs.
    // It is the action taken during the window; one of: allow, deny.
    Kind string `json:"kind,omitempty" protobuf:"bytes,1,opt,name=kind"`
    // Schedule is the time the window will begin, specified in cron format.
    // Uses Linux cron syntax, e.g. "30 9 * * *" starts the window at 09:30.
    Schedule string `json:"schedule,omitempty" protobuf:"bytes,2,opt,name=schedule"`
    // Duration is the amount of time the sync window will be open,
    // counted from the start time, e.g. "10m", "8h".
    Duration string `json:"duration,omitempty" protobuf:"bytes,3,opt,name=duration"`
    // Applications contains a list of applications that the window will apply to
    // (scopes the window to "applications.argoproj.io" resources)
    Applications []string `json:"applications,omitempty" protobuf:"bytes,4,opt,name=applications"`
    // Namespaces contains a list of namespaces that the window will apply to
    Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,5,opt,name=namespaces"`
    // Clusters contains a list of clusters that the window will apply to
    // (scopes the window to k8s clusters)
    Clusters []string `json:"clusters,omitempty" protobuf:"bytes,6,opt,name=clusters"`
    // ManualSync enables manual syncs when they would otherwise be blocked.
    // When a deny window is used as a change freeze, setting this to true
    // leaves manual syncs possible during the freeze.
    ManualSync bool `json:"manualSync,omitempty" protobuf:"bytes,7,opt,name=manualSync"`
    // TimeZone of the sync that will be applied to the schedule.
    // Works together with Schedule and should always be set, so that the window
    // does not open at a time other than the intended one.
    TimeZone string `json:"timeZone,omitempty" protobuf:"bytes,8,opt,name=timeZone"`
}

SignatureKey

// SignatureKey is the specification of a key required to verify commit signatures with.
type SignatureKey struct {
    // The ID of the key in hexadecimal notation.
    // The json tag has no omitempty, so the key is always serialized.
    // NOTE(review): whether a short or a full-length key ID is expected is not
    // visible here — confirm, since short IDs are easier to collide.
    KeyID string `json:"keyID" protobuf:"bytes,1,name=keyID"`
}

资源 applicationsets 结构

ApplicationSet

// ApplicationSet is a set of Application resources.
//
// It embeds the usual Kubernetes type and object metadata; Spec describes the
// desired set (see ApplicationSetSpec) and Status the observed state (see
// ApplicationSetStatus).
type ApplicationSet struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
    Spec              ApplicationSetSpec   `json:"spec" protobuf:"bytes,2,opt,name=spec"`
    Status            ApplicationSetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}

ApplicationSetSpec

// ApplicationSetSpec represents a class of application set state.
//
// Members, as far as the declaration shows:
//   - Generators and Template are the only keys without omitempty, so they are
//     always serialized.
//   - GoTemplate / GoTemplateOptions: presumably switch templating to Go
//     templates and pass options to the template engine — TODO confirm.
//   - SyncPolicy, Strategy, PreservedFields: optional pointers to the
//     corresponding settings types.
//   - IgnoreApplicationDifferences: see ApplicationSetIgnoreDifferences.
//   - TemplatePatch: optional string; presumably a templated patch applied on
//     top of Template — TODO confirm.
//
// NOTE(review): generator output presumably flows into Template and
// TemplatePatch. When a generator reads from a source that less-trusted users
// can write to, check which template fields (notably project and destination)
// that input can influence — confirm against the controller.
type ApplicationSetSpec struct {
    GoTemplate        bool                        `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"`
    Generators        []ApplicationSetGenerator   `json:"generators" protobuf:"bytes,2,name=generators"`
    Template          ApplicationSetTemplate      `json:"template" protobuf:"bytes,3,name=template"`
    SyncPolicy        *ApplicationSetSyncPolicy   `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"`
    Strategy          *ApplicationSetStrategy     `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"`
    PreservedFields   *ApplicationPreservedFields `json:"preservedFields,omitempty" protobuf:"bytes,6,opt,name=preservedFields"`
    GoTemplateOptions []string                    `json:"goTemplateOptions,omitempty" protobuf:"bytes,7,opt,name=goTemplateOptions"`
    // ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators
    ApplyNestedSelectors         bool                            `json:"applyNestedSelectors,omitempty" protobuf:"bytes,8,name=applyNestedSelectors"`
    IgnoreApplicationDifferences ApplicationSetIgnoreDifferences `json:"ignoreApplicationDifferences,omitempty" protobuf:"bytes,9,name=ignoreApplicationDifferences"`
    TemplatePatch                *string                         `json:"templatePatch,omitempty" protobuf:"bytes,10,name=templatePatch"`
}

ApplicationSetStatus

// ApplicationSetStatus defines the observed state of ApplicationSet.
//
// Conditions holds ApplicationSetCondition entries and ApplicationStatus holds
// one ApplicationSetApplicationStatus per entry; both are omitted from JSON
// when empty.
type ApplicationSetStatus struct {
    // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
    // Important: Run "make" to regenerate code after modifying this file
    Conditions        []ApplicationSetCondition         `json:"conditions,omitempty" protobuf:"bytes,1,name=conditions"`
    ApplicationStatus []ApplicationSetApplicationStatus `json:"applicationStatus,omitempty" protobuf:"bytes,2,name=applicationStatus"`
}

ApplicationSetGenerator

// ApplicationSetGenerator represents a generator at the top level of an ApplicationSet.
//
// Each generator kind is an optional pointer (List, Clusters, Git, SCMProvider,
// ClusterDecisionResource, PullRequest, Matrix, Merge, Plugin); a nil pointer
// is omitted from JSON.
// NOTE(review): presumably exactly one kind is expected to be set per entry — confirm.
// NOTE(review): Git, SCMProvider, PullRequest and Plugin presumably derive
// parameters from external systems; treat their output as input that others
// may be able to influence — confirm.
type ApplicationSetGenerator struct {
    List                    *ListGenerator        `json:"list,omitempty" protobuf:"bytes,1,name=list"`
    Clusters                *ClusterGenerator     `json:"clusters,omitempty" protobuf:"bytes,2,name=clusters"`
    Git                     *GitGenerator         `json:"git,omitempty" protobuf:"bytes,3,name=git"`
    SCMProvider             *SCMProviderGenerator `json:"scmProvider,omitempty" protobuf:"bytes,4,name=scmProvider"`
    ClusterDecisionResource *DuckTypeGenerator    `json:"clusterDecisionResource,omitempty" protobuf:"bytes,5,name=clusterDecisionResource"`
    PullRequest             *PullRequestGenerator `json:"pullRequest,omitempty" protobuf:"bytes,6,name=pullRequest"`
    Matrix                  *MatrixGenerator      `json:"matrix,omitempty" protobuf:"bytes,7,name=matrix"`
    Merge                   *MergeGenerator       `json:"merge,omitempty" protobuf:"bytes,8,name=merge"`

    // Selector allows to post-filter all generator.
    Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,9,name=selector"`

    Plugin *PluginGenerator `json:"plugin,omitempty" protobuf:"bytes,10,name=plugin"`
}

ApplicationSetTemplate

// ApplicationSetTemplate represents argocd ApplicationSpec.
//
// The embedded ApplicationSetTemplateMeta is serialized under "metadata" and
// Spec under "spec"; neither key has omitempty.
type ApplicationSetTemplate struct {
    ApplicationSetTemplateMeta `json:"metadata" protobuf:"bytes,1,name=metadata"`
    Spec                       ApplicationSpec `json:"spec" protobuf:"bytes,2,name=spec"`
}

// ApplicationSetTemplateMeta represents the Argo CD application fields that may
// be used for Applications generated from the ApplicationSet (based on metav1.ObjectMeta).
//
// Only Name, Namespace, Labels, Annotations and Finalizers are carried over;
// all of them are omitted from JSON when empty.
// NOTE(review): Namespace presumably decides where the generated Application
// object is created — confirm how it interacts with AppProjectSpec.SourceNamespaces.
type ApplicationSetTemplateMeta struct {
    Name        string            `json:"name,omitempty" protobuf:"bytes,1,name=name"`
    Namespace   string            `json:"namespace,omitempty" protobuf:"bytes,2,name=namespace"`
    Labels      map[string]string `json:"labels,omitempty" protobuf:"bytes,3,name=labels"`
    Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,4,name=annotations"`
    Finalizers  []string          `json:"finalizers,omitempty" protobuf:"bytes,5,name=finalizers"`
}

ApplicationSetSyncPolicy

// ApplicationSetSyncPolicy configures how generated Applications will relate to their
// ApplicationSet.
type ApplicationSetSyncPolicy struct {
    // PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted.
    // NOTE(review): the protobuf tag names this field "syncPolicy", not
    // "preserveResourcesOnDeletion"; renaming it would change the generated
    // schema — confirm before touching.
    PreserveResourcesOnDeletion bool `json:"preserveResourcesOnDeletion,omitempty" protobuf:"bytes,1,name=syncPolicy"`
    // ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync
    // +kubebuilder:validation:Optional
    // +kubebuilder:validation:Enum=create-only;create-update;create-delete;sync
    ApplicationsSync *ApplicationsSyncPolicy `json:"applicationsSync,omitempty" protobuf:"bytes,2,opt,name=applicationsSync,casttype=ApplicationsSyncPolicy"`
}

ApplicationSetStrategy

// ApplicationSetStrategy configures how generated Applications are updated in sequence.
//
// Type is a free-form string here; RollingSync is the only strategy payload
// currently declared (RollingUpdate is commented out below).
// NOTE(review): the accepted Type values are not visible in this listing — confirm.
type ApplicationSetStrategy struct {
    Type        string                         `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"`
    RollingSync *ApplicationSetRolloutStrategy `json:"rollingSync,omitempty" protobuf:"bytes,2,opt,name=rollingSync"`
    // RollingUpdate *ApplicationSetRolloutStrategy `json:"rollingUpdate,omitempty" protobuf:"bytes,3,opt,name=rollingUpdate"`
}

// ApplicationSetRolloutStrategy is the payload of ApplicationSetStrategy.RollingSync:
// a list of rollout steps.
// NOTE(review): steps are presumably processed in list order — confirm.
type ApplicationSetRolloutStrategy struct {
    Steps []ApplicationSetRolloutStep `json:"steps,omitempty" protobuf:"bytes,1,opt,name=steps"`
}

// ApplicationSetRolloutStep is one step of an ApplicationSetRolloutStrategy.
//
// MatchExpressions selects the applications the step covers. MaxUpdate is an
// optional int-or-string value; presumably a count or percentage limiting how
// many applications are updated at once — TODO confirm.
type ApplicationSetRolloutStep struct {
    MatchExpressions []ApplicationMatchExpression `json:"matchExpressions,omitempty" protobuf:"bytes,1,opt,name=matchExpressions"`
    MaxUpdate        *intstr.IntOrString          `json:"maxUpdate,omitempty" protobuf:"bytes,2,opt,name=maxUpdate"`
}

// ApplicationMatchExpression is a key / operator / values triple used in
// ApplicationSetRolloutStep.MatchExpressions.
// NOTE(review): the key presumably refers to an application label and the
// operator set presumably mirrors label-selector operators — confirm.
type ApplicationMatchExpression struct {
    Key      string   `json:"key,omitempty" protobuf:"bytes,1,opt,name=key"`
    Operator string   `json:"operator,omitempty" protobuf:"bytes,2,opt,name=operator"`
    Values   []string `json:"values,omitempty" protobuf:"bytes,3,opt,name=values"`
}

ApplicationPreservedFields

// ApplicationPreservedFields lists annotation and label names, referenced from
// ApplicationSetSpec.PreservedFields.
// NOTE(review): presumably the named annotations/labels on generated
// Applications are kept as-is when the ApplicationSet is re-applied — confirm.
type ApplicationPreservedFields struct {
    Annotations []string `json:"annotations,omitempty" protobuf:"bytes,1,name=annotations"`
    Labels      []string `json:"labels,omitempty" protobuf:"bytes,2,name=labels"`
}

ApplicationSetIgnoreDifferences

// ApplicationSetIgnoreDifferences configures how the ApplicationSet controller will ignore differences in live
// applications when applying changes from generated applications.
// It is a list of per-application rules (ApplicationSetResourceIgnoreDifferences).
type ApplicationSetIgnoreDifferences []ApplicationSetResourceIgnoreDifferences

// ApplicationSetResourceIgnoreDifferences configures how the ApplicationSet controller will ignore differences in live
// applications when applying changes from generated applications.
//
// Ignored fields are not reconciled back to the generated value, so keep the
// pointers and expressions limited to fields that are safe to leave drifting.
type ApplicationSetResourceIgnoreDifferences struct {
    // Name is the name of the application to ignore differences for. If not specified, the rule applies to all applications.
    Name string `json:"name,omitempty" protobuf:"bytes,1,name=name"`
    // JSONPointers is a list of JSON pointers to fields to ignore differences for.
    JSONPointers []string `json:"jsonPointers,omitempty" protobuf:"bytes,2,name=jsonPointers"`
    // JQPathExpressions is a list of JQ path expressions to fields to ignore differences for.
    // NOTE(review): the protobuf tag names this field "jqExpressions" while the
    // JSON key is "jqPathExpressions" — confirm before changing either.
    JQPathExpressions []string `json:"jqPathExpressions,omitempty" protobuf:"bytes,3,name=jqExpressions"`
}

资源 repository 结构

Repository

// Repository is a repository holding application configurations.
//
// Several fields hold credential material as plain strings (Password,
// SSHPrivateKey, TLSClientCertKey, GithubAppPrivateKey, GCPServiceAccountKey)
// and all of them carry regular json tags, so marshalling a Repository emits
// them. Redact these fields before logging the struct or returning it to a
// caller that should not see the secrets.
type Repository struct {
    // Repo contains the URL to the remote repository
    Repo string `json:"repo" protobuf:"bytes,1,opt,name=repo"`
    // Username contains the user name used for authenticating at the remote repository
    Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"`
    // Password contains the password or PAT used for authenticating at the remote repository
    Password string `json:"password,omitempty" protobuf:"bytes,3,opt,name=password"`
    // SSHPrivateKey contains the PEM data for authenticating at the repo server. Only used with Git repos.
    SSHPrivateKey string `json:"sshPrivateKey,omitempty" protobuf:"bytes,4,opt,name=sshPrivateKey"`
    // ConnectionState contains information about the current state of connection to the repository server
    ConnectionState ConnectionState `json:"connectionState,omitempty" protobuf:"bytes,5,opt,name=connectionState"`
    // InsecureIgnoreHostKey should not be used anymore, Insecure is favoured
    // Used only for Git repos
    InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty" protobuf:"bytes,6,opt,name=insecureIgnoreHostKey"`
    // Insecure specifies whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys.
    // With verification off, the identity of the remote end is not checked, so
    // leave this false outside of test setups.
    Insecure bool `json:"insecure,omitempty" protobuf:"bytes,7,opt,name=insecure"`
    // EnableLFS specifies whether git-lfs support should be enabled for this repo. Only valid for Git repositories.
    EnableLFS bool `json:"enableLfs,omitempty" protobuf:"bytes,8,opt,name=enableLfs"`
    // TLSClientCertData contains a certificate in PEM format for authenticating at the repo server
    TLSClientCertData string `json:"tlsClientCertData,omitempty" protobuf:"bytes,9,opt,name=tlsClientCertData"`
    // TLSClientCertKey contains a private key in PEM format for authenticating at the repo server
    TLSClientCertKey string `json:"tlsClientCertKey,omitempty" protobuf:"bytes,10,opt,name=tlsClientCertKey"`
    // Type specifies the type of the repo. Can be either "git" or "helm". "git" is assumed if empty or absent.
    Type string `json:"type,omitempty" protobuf:"bytes,11,opt,name=type"`
    // Name specifies a name to be used for this repo. Only used with Helm repos
    Name string `json:"name,omitempty" protobuf:"bytes,12,opt,name=name"`
    // Whether credentials were inherited from a credential set
    InheritedCreds bool `json:"inheritedCreds,omitempty" protobuf:"bytes,13,opt,name=inheritedCreds"`
    // EnableOCI specifies whether helm-oci support should be enabled for this repo
    EnableOCI bool `json:"enableOCI,omitempty" protobuf:"bytes,14,opt,name=enableOCI"`
    // Github App Private Key PEM data
    GithubAppPrivateKey string `json:"githubAppPrivateKey,omitempty" protobuf:"bytes,15,opt,name=githubAppPrivateKey"`
    // GithubAppId specifies the ID of the GitHub app used to access the repo
    GithubAppId int64 `json:"githubAppID,omitempty" protobuf:"bytes,16,opt,name=githubAppID"`
    // GithubAppInstallationId specifies the installation ID of the GitHub App used to access the repo
    GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty" protobuf:"bytes,17,opt,name=githubAppInstallationID"`
    // GithubAppEnterpriseBaseURL specifies the base URL of GitHub Enterprise installation. If empty will default to https://api.github.com
    GitHubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty" protobuf:"bytes,18,opt,name=githubAppEnterpriseBaseUrl"`
    // Proxy specifies the HTTP/HTTPS proxy used to access the repo
    Proxy string `json:"proxy,omitempty" protobuf:"bytes,19,opt,name=proxy"`
    // Project ties the repository to a project, so that the repository is
    // automatically added as an item of that project's SourceRepos.
    Project string `json:"project,omitempty" protobuf:"bytes,20,opt,name=project"`
    // GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
    GCPServiceAccountKey string `json:"gcpServiceAccountKey,omitempty" protobuf:"bytes,21,opt,name=gcpServiceAccountKey"`
    // ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections.
    // NOTE(review): forcing basic auth presumably sends the credentials with the
    // request; confirm it is only used with HTTPS repository URLs.
    ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,22,opt,name=forceHttpBasicAuth"`
}

secretToRepository

util/db/repository_secrets.go

// secretToRepository builds an appsv1.Repository from the data of a repository Secret.
//
// String-valued keys are copied as-is (a missing key yields the empty string).
// Boolean and integer keys are read through boolOrFalse and intOrZero; when one
// of those helpers reports an error, the error is returned together with the
// repository as populated up to that point, and the failing field is left unset.
// NOTE(review): callers presumably should not use the partially populated
// value when err != nil — confirm at the call sites.
//
// The result carries credential material (password, SSH / TLS / GitHub App
// private keys, GCP service account key), so it should not be logged or
// serialized without redaction.
func secretToRepository(secret *corev1.Secret) (*appsv1.Repository, error) {
    // text reads one key of the Secret as a string.
    text := func(key string) string { return string(secret.Data[key]) }

    repo := &appsv1.Repository{
        Name:                       text("name"),
        Repo:                       text("url"),
        Username:                   text("username"),
        Password:                   text("password"),
        SSHPrivateKey:              text("sshPrivateKey"),
        TLSClientCertData:          text("tlsClientCertData"),
        TLSClientCertKey:           text("tlsClientCertKey"),
        Type:                       text("type"),
        GithubAppPrivateKey:        text("githubAppPrivateKey"),
        GitHubAppEnterpriseBaseURL: text("githubAppEnterpriseBaseUrl"),
        Proxy:                      text("proxy"),
        Project:                    text("project"),
        GCPServiceAccountKey:       text("gcpServiceAccountKey"),
    }

    // loadBool and loadInt store the parsed value only when parsing succeeded,
    // so a failing key never overwrites the zero value of its field.
    loadBool := func(key string, dst *bool) error {
        parsed, err := boolOrFalse(secret, key)
        if err != nil {
            return err
        }
        *dst = parsed
        return nil
    }
    loadInt := func(key string, dst *int64) error {
        parsed, err := intOrZero(secret, key)
        if err != nil {
            return err
        }
        *dst = parsed
        return nil
    }

    // The typed keys are processed in a fixed order; the first failure stops the run.
    steps := []func() error{
        func() error { return loadBool("insecureIgnoreHostKey", &repo.InsecureIgnoreHostKey) },
        func() error { return loadBool("insecure", &repo.Insecure) },
        func() error { return loadBool("enableLfs", &repo.EnableLFS) },
        func() error { return loadBool("enableOCI", &repo.EnableOCI) },
        func() error { return loadInt("githubAppID", &repo.GithubAppId) },
        func() error { return loadInt("githubAppInstallationID", &repo.GithubAppInstallationId) },
        func() error { return loadBool("forceHttpBasicAuth", &repo.ForceHttpBasicAuth) },
    }
    for _, step := range steps {
        if err := step(); err != nil {
            return repo, err
        }
    }

    return repo, nil
}

资源 cluster 结构

Cluster

pkg/apis/application/v1alpha1/types.go

// Cluster is the definition of a cluster resource.
//
// Config carries the connection credentials (see ClusterConfig) and is
// serialized under "config", so a marshalled Cluster contains them. Redact
// Config before logging the struct or returning it to a caller that should not
// see the credentials.
type Cluster struct {
    // ID is an internal field cluster identifier. Not exposed via API.
    // The json tag "-" keeps it out of JSON output.
    ID string `json:"-"`
    // Server is the API server URL of the Kubernetes cluster
    Server string `json:"server" protobuf:"bytes,1,opt,name=server"`
    // Name of the cluster. If omitted, will use the server address
    Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
    // Config holds cluster information for connecting to a cluster
    Config ClusterConfig `json:"config" protobuf:"bytes,3,opt,name=config"`
    // DEPRECATED: use Info.ConnectionState field instead.
    // ConnectionState contains information about cluster connection state
    ConnectionState ConnectionState `json:"connectionState,omitempty" protobuf:"bytes,4,opt,name=connectionState"`
    // DEPRECATED: use Info.ServerVersion field instead.
    // The server version
    ServerVersion string `json:"serverVersion,omitempty" protobuf:"bytes,5,opt,name=serverVersion"`
    // Holds list of namespaces which are accessible in that cluster. Cluster level resources will be ignored if namespace list is not empty.
    Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,opt,name=namespaces"`
    // RefreshRequestedAt holds time when cluster cache refresh has been requested
    RefreshRequestedAt *metav1.Time `json:"refreshRequestedAt,omitempty" protobuf:"bytes,7,opt,name=refreshRequestedAt"`
    // Info holds information about cluster cache and state
    Info ClusterInfo `json:"info,omitempty" protobuf:"bytes,8,opt,name=info"`
    // Shard contains optional shard number. Calculated on the fly by the application controller if not specified.
    Shard *int64 `json:"shard,omitempty" protobuf:"bytes,9,opt,name=shard"`
    // Indicates if cluster level resources should be managed. This setting is used only if cluster is connected in a namespaced mode.
    ClusterResources bool `json:"clusterResources,omitempty" protobuf:"bytes,10,opt,name=clusterResources"`
    // Project ties the cluster to a project, so that the cluster is
    // automatically added as an item of that project's Destinations.
    Project string `json:"project,omitempty" protobuf:"bytes,11,opt,name=project"`
    // Labels for cluster secret metadata
    Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,12,opt,name=labels"`
    // Annotations for cluster secret metadata
    Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,13,opt,name=annotations"`
}

ClusterConfig

pkg/apis/application/v1alpha1/types.go

// ClusterConfig holds the connection and authentication attributes for a cluster.
// This structure is a subset of the go-client rest.Config with annotations added
// for marshalling. SecretToCluster (util/db/cluster.go) decodes it from the
// "config" key of the cluster Secret.
//
// NOTE(review): Password, BearerToken and the embedded TLSClientConfig.KeyData are
// credentials, and the json tags serialize them as-is. Treat any value of this type
// as secret material: avoid logging it or returning it from an API without
// redaction. Confirm how callers sanitize it.
type ClusterConfig struct {
    // Server requires Basic authentication
    // Username and Password are the Basic authentication credentials.
    Username string `json:"username,omitempty" protobuf:"bytes,1,opt,name=username"`
    Password string `json:"password,omitempty" protobuf:"bytes,2,opt,name=password"`

    // Server requires Bearer authentication. This client will not attempt to use
    // refresh tokens for an OAuth2 flow.
    // TODO: demonstrate an OAuth2 compatible client.
    BearerToken string `json:"bearerToken,omitempty" protobuf:"bytes,3,opt,name=bearerToken"`

    // TLSClientConfig contains settings to enable transport layer security.
    // The field is embedded but carries an explicit json name, so it is encoded
    // under the "tlsClientConfig" key instead of being flattened into the parent.
    TLSClientConfig `json:"tlsClientConfig" protobuf:"bytes,4,opt,name=tlsClientConfig"`

    // AWSAuthConfig contains IAM authentication configuration
    AWSAuthConfig *AWSAuthConfig `json:"awsAuthConfig,omitempty" protobuf:"bytes,5,opt,name=awsAuthConfig"`

    // ExecProviderConfig contains configuration for an exec provider
    ExecProviderConfig *ExecProviderConfig `json:"execProviderConfig,omitempty" protobuf:"bytes,6,opt,name=execProviderConfig"`
}
// TLSClientConfig contains settings to enable transport layer security
// for the connection to the cluster API server.
type TLSClientConfig struct {
    // Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.
    // With verification disabled the client cannot authenticate the API server, so
    // credentials sent over the connection can be exposed to an on-path party.
    // The tag has no omitempty, so the value is always present in the JSON form,
    // which makes it straightforward to audit cluster configs for insecure=true.
    Insecure bool `json:"insecure" protobuf:"bytes,1,opt,name=insecure"`
    // ServerName is passed to the server for SNI and is used in the client to check server
    // certificates against. If ServerName is empty, the hostname used to contact the
    // server is used.
    ServerName string `json:"serverName,omitempty" protobuf:"bytes,2,opt,name=serverName"`
    // CertData holds PEM-encoded bytes (typically read from a client certificate file).
    // CertData takes precedence over CertFile
    // NOTE(review): CertFile, KeyFile and CAFile are not fields of this struct; the
    // "takes precedence" wording looks inherited from rest.TLSClientConfig. Confirm.
    CertData []byte `json:"certData,omitempty" protobuf:"bytes,3,opt,name=certData"`
    // KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
    // KeyData takes precedence over KeyFile
    // This is private key material and should be handled as a secret.
    KeyData []byte `json:"keyData,omitempty" protobuf:"bytes,4,opt,name=keyData"`
    // CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
    // CAData takes precedence over CAFile
    CAData []byte `json:"caData,omitempty" protobuf:"bytes,5,opt,name=caData"`
}
// AWSAuthConfig is an AWS IAM authentication configuration
type AWSAuthConfig struct {
    // ClusterName contains AWS cluster name
    ClusterName string `json:"clusterName,omitempty" protobuf:"bytes,1,opt,name=clusterName"`

    // RoleARN contains optional role ARN. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.
    RoleARN string `json:"roleARN,omitempty" protobuf:"bytes,2,opt,name=roleARN"`

    // Profile contains an optional AWS profile. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.
    // NOTE(review): the previous comment described this field as a "role ARN", apparently
    // copied from RoleARN above. The field name and the rest of the sentence indicate a profile.
    Profile string `json:"profile,omitempty" protobuf:"bytes,3,opt,name=profile"`
}
// ExecProviderConfig is config used to call an external command to perform cluster authentication
// See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
//
// NOTE(review): Command, Args and Env come from the stored cluster configuration, so
// whoever can write that configuration decides which program is run to obtain
// credentials. Write access to cluster secrets should be restricted accordingly.
// Presumably the command runs inside the component that builds the cluster client; confirm.
type ExecProviderConfig struct {
    // Command to execute
    Command string `json:"command,omitempty" protobuf:"bytes,1,opt,name=command"`

    // Arguments to pass to the command when executing it
    Args []string `json:"args,omitempty" protobuf:"bytes,2,rep,name=args"`

    // Env defines additional environment variables to expose to the process
    Env map[string]string `json:"env,omitempty" protobuf:"bytes,3,opt,name=env"`

    // Preferred input version of the ExecInfo
    APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,4,opt,name=apiVersion"`

    // This text is shown to the user when the executable doesn't seem to be present
    InstallHint string `json:"installHint,omitempty" protobuf:"bytes,5,opt,name=installHint"`
}

SecretToCluster

util/db/cluster.go

// SecretToCluster builds a Cluster object from the contents of a cluster Secret.
//
// The "config" key, when non-empty, is JSON-decoded into a ClusterConfig; a decode
// failure is the only error this function returns. A malformed refresh annotation
// or "shard" value is logged as a warning and the corresponding field is left nil.
//
// The returned Cluster carries whatever credentials the decoded config contains
// (for example password or bearer token), so callers should treat it as secret
// material and not log it verbatim.
func SecretToCluster(s *apiv1.Secret) (*appv1.Cluster, error) {
    var config appv1.ClusterConfig
    if rawConfig := s.Data["config"]; len(rawConfig) > 0 {
        if err := json.Unmarshal(rawConfig, &config); err != nil {
            return nil, fmt.Errorf("failed to unmarshal cluster config: %w", err)
        }
    }

    // "namespaces" is a comma-separated list; blank entries are dropped.
    var namespaces []string
    for _, entry := range strings.Split(string(s.Data["namespaces"]), ",") {
        trimmed := strings.TrimSpace(entry)
        if trimmed == "" {
            continue
        }
        namespaces = append(namespaces, trimmed)
    }

    // The refresh timestamp is optional and must be RFC 3339 to be honoured.
    var refreshRequestedAt *metav1.Time
    if stamp, ok := s.Annotations[appv1.AnnotationKeyRefresh]; ok {
        if parsed, err := time.Parse(time.RFC3339, stamp); err == nil {
            refreshRequestedAt = &metav1.Time{Time: parsed}
        } else {
            log.Warnf("Error while parsing date in cluster secret '%s': %v", s.Name, err)
        }
    }

    // The shard number is optional; an unparsable value leaves it unset.
    var shard *int64
    if rawShard := s.Data["shard"]; rawShard != nil {
        if n, err := strconv.Atoi(string(rawShard)); err == nil {
            shard = pointer.Int64(int64(n))
        } else {
            log.Warnf("Error while parsing shard in cluster secret '%s': %v", s.Name, err)
        }
    }

    // Labels and annotations are copied so the Secret's maps are not shared,
    // and the system-managed keys are stripped from the copies.
    labels, annotations := map[string]string{}, map[string]string{}
    if s.Labels != nil {
        labels = collections.CopyStringMap(s.Labels)
        delete(labels, common.LabelKeySecretType)
    }
    if s.Annotations != nil {
        annotations = collections.CopyStringMap(s.Annotations)
        delete(annotations, apiv1.LastAppliedConfigAnnotation)
        delete(annotations, common.AnnotationKeyManagedBy)
    }

    manageClusterResources := string(s.Data["clusterResources"]) == "true"
    serverURL := strings.TrimRight(string(s.Data["server"]), "/")

    return &appv1.Cluster{
        ID:                 string(s.UID),
        Server:             serverURL,
        Name:               string(s.Data["name"]),
        Namespaces:         namespaces,
        ClusterResources:   manageClusterResources,
        Config:             config,
        RefreshRequestedAt: refreshRequestedAt,
        Shard:              shard,
        Project:            string(s.Data["project"]),
        Labels:             labels,
        Annotations:        annotations,
    }, nil
}


