From 1851cd7f64627e38e2e5487ba4533e07e5df4722 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Tue, 19 May 2026 19:10:20 +0530 Subject: [PATCH 1/6] TLS configurable option for PQC Signed-off-by: akhil nittala --- Dockerfile | 25 +- Makefile | 4 +- cmd/main.go | 63 +- config/crd/bases/argoproj.io_argocds.yaml | 562 +++++++++++++++++- config/manager/kustomization.yaml | 3 +- config/rbac/role.yaml | 135 +++-- controllers/argocd_metrics_controller.go | 4 +- controllers/gitopsservice_controller.go | 1 + go.mod | 5 +- go.sum | 16 +- .../1-104_validate_prometheus_alert_test.go | 4 +- 11 files changed, 703 insertions(+), 119 deletions(-) diff --git a/Dockerfile b/Dockerfile index 07ceb2e7284..78ec2d8d65b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,33 +2,36 @@ FROM golang:1.26.2 as builder WORKDIR /workspace + +COPY argocd-operator /workspace/argocd-operator + # Copy the Go Modules manifests COPY go.mod go.mod COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer + +# Cache dependencies RUN go mod download -# Copy the go source +# Copy the Go source COPY cmd/main.go cmd/main.go COPY api/ api/ COPY controllers/ controllers/ COPY common/ common/ COPY version/ version/ -# Build - Use TARGETARCH to build for the correct architecture -ARG TARGETARCH -RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o manager ./cmd/main.go +# Build explicitly for linux/amd64 +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager ./cmd/main.go + +# Use distroless as minimal base image +FROM --platform=linux/amd64 gcr.io/distroless/static:nonroot -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot WORKDIR / + COPY --from=builder /workspace/manager /usr/local/bin/manager -# install redis artifacts +# Install redis artifacts COPY build/redis /var/lib/redis USER 65532:65532 -ENTRYPOINT ["/usr/local/bin/manager"] +ENTRYPOINT ["/usr/local/bin/manager"] \ No newline at end of file diff --git a/Makefile b/Makefile index b8be5ed038a..5c4f103a76c 100644 --- a/Makefile +++ b/Makefile @@ -183,8 +183,8 @@ run: manifests generate fmt vet ## Run a controller from your host. CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES=argo-rollouts,test-rom-ns-1,rom-ns-1,openshift-gitops ARGOCD_CLUSTER_CONFIG_NAMESPACES="openshift-gitops, argocd-e2e-cluster-config, argocd-test-impersonation-1-046, argocd-agent-principal-1-051, argocd-agent-agent-1-052, appset-argocd, appset-old-ns, appset-new-ns, ns-hosting-principal, ns-hosting-managed-agent, ns-hosting-autonomous-agent, appset-argocd-clusterrole" REDIS_CONFIG_PATH="build/redis" go run ./cmd/main.go .PHONY: docker-build -docker-build: test ## Build container image with the manager. - $(CONTAINER_RUNTIME) build -t ${IMG} . +docker-build: ## Build container image with the manager. + $(CONTAINER_RUNTIME) build --platform=linux/amd64 -t ${IMG} . .PHONY: docker-push docker-push: ## Push container image with the manager. diff --git a/cmd/main.go b/cmd/main.go index acbe0809fad..7c5c99745c0 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -17,6 +17,7 @@ limitations under the License. package main import ( + "context" "crypto/tls" "flag" "fmt" @@ -46,6 +47,7 @@ import ( oauthv1 "github.com/openshift/api/oauth/v1" routev1 "github.com/openshift/api/route/v1" templatev1 "github.com/openshift/api/template/v1" + tlspkg "github.com/openshift/controller-runtime-common/pkg/tls" operatorsv1 "github.com/operator-framework/api/pkg/operators/v1" operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" @@ -131,6 +133,8 @@ func main() { flag.Parse() ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + ctx, cancel := context.WithCancel(ctrl.SetupSignalHandler()) + defer cancel() if err := util.InspectCluster(); err != nil { setupLog.Error(err, "unable to inspect cluster") @@ -142,15 +146,40 @@ func main() { } c.NextProtos = []string{"http/1.1"} } + + restConfig := ctrl.GetConfigOrDie() + // Register config.openshift.io APIs before creating bootstrap client + utilruntime.Must(configv1.Install(scheme)) + bootstrapClient, err := crclient.New(restConfig, crclient.Options{ + Scheme: scheme, + }) + if err != nil { + setupLog.Error(err, "unable to create bootstrap client") + os.Exit(1) + } + var profile configv1.TLSProfileSpec + profile, err = tlspkg.FetchAPIServerTLSProfile(ctx, bootstrapClient) + if err != nil { + setupLog.Error(err, "unable to fetch cluster TLS profile") + os.Exit(1) + } + tlsOpts := []func(*tls.Config){disableHTTP2} + tlsConfigFn, unsupported := tlspkg.NewTLSConfigFromProfile(profile) + if len(unsupported) > 0 { + setupLog.Info("TLS profile contains unsupported Go cipher suites", "ciphers", unsupported) + } + + tlsOpts = append(tlsOpts, tlsConfigFn) + webhookServerOptions := webhook.Options{ - TLSOpts: []func(config *tls.Config){disableHTTP2}, + TLSOpts: tlsOpts, Port: 9443, } webhookServer := webhook.NewServer(webhookServerOptions) metricsServerOptions := metricsserver.Options{ BindAddress: metricsAddr, - TLSOpts: []func(*tls.Config){disableHTTP2}, + TLSOpts: tlsOpts, FilterProvider: filters.WithAuthenticationAndAuthorization, } @@ -180,15 +209,35 @@ func main() { } } - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options) + mgr, err := ctrl.NewManager(restConfig, options) if err != nil { setupLog.Error(err, "unable to start manager") os.Exit(1) } + watcher := &tlspkg.SecurityProfileWatcher{ + Client: mgr.GetClient(), + InitialTLSProfileSpec: profile, + OnProfileChange: func(_ context.Context, oldProfile, newProfile configv1.TLSProfileSpec) { + if reflect.DeepEqual(oldProfile, newProfile) { + return + } + setupLog.Info("cluster TLS profile changed, restarting operator", + "oldProfileMinVersion", oldProfile.MinTLSVersion, + "newProfileMinVersion", newProfile.MinTLSVersion) + + cancel() + }, + } + + if err := watcher.SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to setup TLS security profile watcher") + os.Exit(1) + } + var client crclient.Client if strings.ToLower(os.Getenv("MEMORY_OPTIMIZATION_ENABLED")) != "false" { - liveClient, err := crclient.New(ctrl.GetConfigOrDie(), crclient.Options{Scheme: mgr.GetScheme()}) + liveClient, err := crclient.New(restConfig, crclient.Options{Scheme: mgr.GetScheme()}) if err != nil { setupLog.Error(err, "unable to create live client") os.Exit(1) @@ -309,6 +358,10 @@ func main() { K8sClient: k8sClient, LocalUsers: argocdprovisioner.NewLocalUsersInfo(), FipsConfigChecker: argoutil.NewLinuxFipsConfigChecker(), + CentralTlsConfigProfile: argocdprovisioner.TlsConfigProfile{ + MinVersion: profile.MinTLSVersion, + Ciphers: profile.Ciphers, + }, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Argo CD") os.Exit(1) @@ -357,7 +410,7 @@ func main() { } setupLog.Info("starting manager") - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + if err := mgr.Start(ctx); err != nil { setupLog.Error(err, "problem running manager") os.Exit(1) } diff --git a/config/crd/bases/argoproj.io_argocds.yaml b/config/crd/bases/argoproj.io_argocds.yaml index 56185f64d61..3633a0f87cd 100644 --- a/config/crd/bases/argoproj.io_argocds.yaml +++ b/config/crd/bases/argoproj.io_argocds.yaml @@ -1894,7 +1894,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources should be created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -2122,12 +2121,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -2135,6 +2129,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -8744,6 +8746,145 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object status: description: ArgoCDStatus defines the observed state of ArgoCD @@ -9118,12 +9259,7 @@ spec: type: string description: Custom labels to pods deployed by the operator type: object - logLevel: - description: LogLevel describes the log level that should be used - by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the ApplicationSet component. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -9131,6 +9267,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string resources: description: Resources defines the Compute Resources required by the container for ApplicationSet. @@ -11584,6 +11728,66 @@ spec: server to be used by the PrincAgentipal component. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent agent component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object tls: description: TLS defines the TLS options for the Agent component. properties: @@ -11854,6 +12058,66 @@ spec: the TLS certificate and key for the resource proxy. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent principal component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object server: description: Server defines the server options for the Principal component. @@ -11909,6 +12173,26 @@ spec: description: SecretName is The name of the secret containing the TLS certificate and key. type: string + tlsConfig: + description: TLS configuration for the Principal component. + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + type: object type: object type: object type: object @@ -11934,11 +12218,19 @@ spec: required: - content type: object + clusterDomain: + description: |- + ClusterDomain is the cluster domain suffix used for constructing service FQDNs. Defaults to "cluster.local". + The full FQDN will be: ..svc. + This is useful for clusters that use a different DNS suffix (e.g., "CLUSTER_ID.cluster.local", "edge.local"). + type: string cmdParams: additionalProperties: type: string - description: CmdParams specifies command-line parameters for the Argo - CD components. + description: |- + CmdParams specifies command-line parameters for the Argo CD components. + The only keys currently supported for this parameter are: + - controller.resource.health.persist type: object configManagementPlugins: description: 'Deprecated: ConfigManagementPlugins field is no longer @@ -17882,6 +18174,26 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TLS configuration for the Image Updater + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + type: object required: - enabled type: object @@ -18020,7 +18332,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources are created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -18248,12 +18559,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -18261,6 +18567,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -18643,6 +18957,27 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TlsConfig defines the TLS configuration for the Redis + server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + type: object version: description: Version is the Redis container image tag. type: string @@ -22227,6 +22562,26 @@ spec: x-kubernetes-map-type: atomic type: array type: object + tlsConfig: + description: TLS configuration for the repo server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + type: object verifytls: description: VerifyTLS defines whether repo server API should be accessed using strict TLS validation @@ -27907,6 +28262,26 @@ spec: - name type: object type: array + tlsConfig: + description: TLS configuration for the Argo CD Server component + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.1" + - "1.2" + - "1.3" + type: string + type: object volumeMounts: description: VolumeMounts adds volumeMounts to the Argo CD Server container. @@ -32205,6 +32580,149 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webTerminalEnabled: + description: WebTerminalEnabled allows you to get a shell inside a + running pod just like you would with kubectl exec + type: boolean + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object x-kubernetes-validations: - message: spec.sso and spec.oidcConfig cannot both be set diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index c7ac940f7d1..a81d848d19e 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -12,4 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: quay.io/redhat-developer/gitops-operator + newName: quay.io/nittalaakhil/openshift-gitops-operator + newTag: v0.0.9 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index de8521cf0cf..b9282d1e539 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -18,13 +18,7 @@ rules: - services - services/finalizers verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - '*' - apiGroups: - "" resources: @@ -97,19 +91,20 @@ rules: resources: - daemonsets - deployments - - podtemplates - replicasets - statefulsets verbs: - - create - - delete - - get - - list - - patch + - '*' +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: - update - - watch - apiGroups: - apps + resourceNames: + - argocd-operator resources: - deployments/finalizers verbs: @@ -122,8 +117,21 @@ rules: - deployments/finalizers verbs: - update +- apiGroups: + - apps + resources: + - podtemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - apps.openshift.io + - route.openshift.io resources: - '*' verbs: @@ -134,6 +142,13 @@ rules: - patch - update - watch +- apiGroups: + - argocd-image-updater.argoproj.io + resources: + - imageupdaters + - imageupdaters/finalizers + verbs: + - '*' - apiGroups: - argoproj.io resources: @@ -143,8 +158,6 @@ rules: - clusteranalysistemplates - experiments - experiments/finalizers - - namespacemanagements - - namespacemanagements/status - rollouts - rollouts/finalizers - rollouts/scale @@ -166,6 +179,29 @@ rules: - argocds - argocds/finalizers - argocds/status + verbs: + - '*' +- apiGroups: + - argoproj.io + resources: + - argocdexports + - argocdexports/finalizers + - argocdexports/status + - namespacemanagements/finalizers + - notificationsconfigurations + - notificationsconfigurations/finalizers + verbs: + - '*' +- apiGroups: + - argoproj.io + resources: + - namespacemanagements + - namespacemanagements/status + verbs: + - '*' +- apiGroups: + - argoproj.io + resources: - rolloutmanagers verbs: - create @@ -175,13 +211,6 @@ rules: - patch - update - watch -- apiGroups: - - argoproj.io - resources: - - notificationsconfigurations - - notificationsconfigurations/finalizers - verbs: - - '*' - apiGroups: - argoproj.io resources: @@ -201,29 +230,26 @@ rules: resources: - horizontalpodautoscalers verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - '*' - apiGroups: - batch resources: - cronjobs - jobs verbs: - - create - - delete + - '*' +- apiGroups: + - certificates.k8s.io + resources: + - clustertrustbundles + verbs: - get - list - - patch - - update - watch - apiGroups: - config.openshift.io resources: + - apiservers - authentications - clusterversions - ingresses @@ -301,13 +327,7 @@ rules: - prometheusrules - servicemonitors verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - '*' - apiGroups: - networking.istio.io resources: @@ -323,6 +343,11 @@ rules: - networking.k8s.io resources: - ingresses + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: - networkpolicies verbs: - create @@ -389,16 +414,7 @@ rules: - clusterrolebindings - clusterroles verbs: - - bind - - create - - delete - - deletecollection - - escalate - - get - - list - - patch - - update - - watch + - '*' - apiGroups: - rbac.authorization.k8s.io resources: @@ -415,17 +431,10 @@ rules: - apiGroups: - route.openshift.io resources: - - '*' - routes - routes/custom-host verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - '*' - apiGroups: - split.smi-spec.io resources: @@ -443,13 +452,7 @@ rules: - templateinstances - templates verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - '*' - apiGroups: - traefik.containo.us resources: diff --git a/controllers/argocd_metrics_controller.go b/controllers/argocd_metrics_controller.go index 0b352c61cb8..5cbaeb34a93 100644 --- a/controllers/argocd_metrics_controller.go +++ b/controllers/argocd_metrics_controller.go @@ -397,8 +397,8 @@ func (r *ArgoCDMetricsReconciler) reconcileOperatorMetricsServiceMonitor(reqLogg return nil } - if existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName != desiredMetricsServerName { - existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName = desiredMetricsServerName + if existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName != &desiredMetricsServerName { + existingServiceMonitor.Spec.Endpoints[0].TLSConfig.ServerName = &desiredMetricsServerName return r.Client.Update(context.TODO(), existingServiceMonitor) } diff --git a/controllers/gitopsservice_controller.go b/controllers/gitopsservice_controller.go index 0060e590c5d..da56935cc42 100644 --- a/controllers/gitopsservice_controller.go +++ b/controllers/gitopsservice_controller.go @@ -216,6 +216,7 @@ type ReconcileGitopsService struct { //+kubebuilder:rbac:groups="argoproj.io",resources=namespacemanagements;namespacemanagements/status,verbs=create;get;list;watch;update;patch;delete;deletecollection //+kubebuilder:rbac:groups="config.openshift.io",resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups="",resources=serviceaccounts/token,verbs=create +//+kubebuilder:rbac:groups=config.openshift.io,resources=apiservers,verbs=get;list;watch // Reconcile reads that state of the cluster for a GitopsService object and makes changes based on the state read // and what is in the GitopsService.Spec diff --git a/go.mod b/go.mod index 1969d4c68e6..90912b56761 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/gomega v1.41.0 github.com/openshift/api v0.0.0-20240906151052-5d963dce87aa github.com/operator-framework/api v0.17.5 - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.73.2 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 github.com/stretchr/testify v1.11.1 go.uber.org/zap v1.28.0 golang.org/x/mod v0.36.0 @@ -28,7 +28,7 @@ require ( k8s.io/apimachinery v0.35.2 k8s.io/client-go v0.35.2 k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 - sigs.k8s.io/controller-runtime v0.23.1 + sigs.k8s.io/controller-runtime v0.23.3 sigs.k8s.io/yaml v1.6.0 ) @@ -130,6 +130,7 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect + github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 // indirect github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.6.0 // indirect diff --git a/go.sum b/go.sum index b0e4a54f66c..238da638bd9 100644 --- a/go.sum +++ b/go.sum @@ -362,8 +362,12 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/openshift/api v0.0.0-20240906151052-5d963dce87aa h1:RMI6Xa+l8KriyoxsRO/swMDPyCwrxJNA9H67K0Jod/w= -github.com/openshift/api v0.0.0-20240906151052-5d963dce87aa/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= +github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb h1:iwBR3mzmyE3EMFx7R3CQ9lOccTS0dNht8TW82aGITg0= +github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= +github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e h1:k89oIo2EjX0PRSdi1kesktCyWp50SC9WwKurvupvRGs= +github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e/go.mod h1:XGabTMnNbz0M5Oa7IbscZp/jmcc7aHobvOCUWwkzKvM= +github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 h1:9Pe6iVOMjt9CdA/vaKBNUSoEIjIe1po5Ha3ABRYXLJI= +github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5/go.mod h1:K3FoNLgNBFYbFuG+Kr8usAnQxj1w84XogyUp2M8rK8k= github.com/operator-framework/api v0.17.5 h1:9d0pc6m1Vp4QeS8i5dhl/B0nifhKQdtw+iFsNx0An0Q= github.com/operator-framework/api v0.17.5/go.mod h1:l/cuwtPxkVUY7fzYgdust2m9tlmb8I4pOvbsUufRb24= github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible h1:IWzUvJ72xMjmrjR9q3H1PF+jwdN0uNQiR2t1BLNalyo= @@ -379,8 +383,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.73.2 h1:GwlGJPK6vf1UIohpc72KJVkKYlzki1UgE3xC4bWbf20= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.73.2/go.mod h1:yJ3CawR/A5qEYFEeCOUVYLTwYxmacfHQhJS+b/2QiaM= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 h1:AHzMWDxNiAVscJL6+4wkvFRTpMnJqiaZFEKA/osaBXE= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0/go.mod h1:wAR5JopumPtAZnu0Cjv2PSqV4p4QB09LMhc6fZZTXuA= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -701,8 +705,8 @@ oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= -sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= +sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= +sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.0 h1:duoo14Ky/fJXpjpmyMISE2RTBGnfCg8zICfTYLTnBJA= sigs.k8s.io/gateway-api v1.5.0/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= diff --git a/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go index 85162b73db6..f2931d2b37a 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go @@ -35,7 +35,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { }, } Eventually(sm).Should(k8sFixture.ExistByName()) - + serverName := "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc" Expect(sm.Spec.Endpoints).To(Equal([]monitoringv1.Endpoint{{ BearerTokenSecret: &corev1.SecretKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ @@ -57,7 +57,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Key: "service-ca.crt", }, }, - ServerName: "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc", + ServerName: &serverName, }, }, }})) From 32be141dab3aa953d30559574066b69166960a57 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Wed, 20 May 2026 11:43:35 +0530 Subject: [PATCH 2/6] [GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components Signed-off-by: akhil nittala --- argocd-operator | 1 + .../crd/bases/argoproj.io_argocdexports.yaml | 285 ++++++++++++++++++ config/crd/bases/argoproj.io_argocds.yaml | 10 + config/manager/kustomization.yaml | 2 +- 4 files changed, 297 insertions(+), 1 deletion(-) create mode 160000 argocd-operator create mode 100644 config/crd/bases/argoproj.io_argocdexports.yaml diff --git a/argocd-operator b/argocd-operator new file mode 160000 index 00000000000..323833711f9 --- /dev/null +++ b/argocd-operator @@ -0,0 +1 @@ +Subproject commit 323833711f91c6d65339f47c35dd74d62ca8aa3b diff --git a/config/crd/bases/argoproj.io_argocdexports.yaml b/config/crd/bases/argoproj.io_argocdexports.yaml new file mode 100644 index 00000000000..8ca82238561 --- /dev/null +++ b/config/crd/bases/argoproj.io_argocdexports.yaml @@ -0,0 +1,285 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + name: argocdexports.argoproj.io +spec: + group: argoproj.io + names: + kind: ArgoCDExport + listKind: ArgoCDExportList + plural: argocdexports + singular: argocdexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ArgoCDExport is the Schema for the argocdexports API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ArgoCDExportSpec defines the desired state of ArgoCDExport + properties: + argocd: + description: Argocd is the name of the ArgoCD instance to export. + type: string + image: + description: Image is the container image to use for the export Job. + type: string + schedule: + description: Schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. + type: string + storage: + description: Storage defines the storage configuration options. + properties: + backend: + description: Backend defines the storage backend to use, must + be "local" (the default), "aws", "azure" or "gcp". + type: string + pvc: + description: PVC is the desired characteristics for a PersistentVolumeClaim. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + secretName: + description: SecretName is the name of a Secret with encryption + key, credentials, etc. + type: string + type: object + version: + description: Version is the tag/digest to use for the export Job container + image. + type: string + required: + - argocd + type: object + status: + description: ArgoCDExportStatus defines the observed state of ArgoCDExport + properties: + phase: + description: |- + Phase is a simple, high-level summary of where the ArgoCDExport is in its lifecycle. + There are five possible phase values: + Pending: The ArgoCDExport has been accepted by the Kubernetes system, but one or more of the required resources have not been created. + Running: All of the containers for the ArgoCDExport are still running, or in the process of starting or restarting. + Succeeded: All containers for the ArgoCDExport have terminated in success, and will not be restarted. + Failed: At least one container has terminated in failure, either exited with non-zero status or was terminated by the system. + Unknown: For some reason the state of the ArgoCDExport could not be obtained. + type: string + required: + - phase + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/argoproj.io_argocds.yaml b/config/crd/bases/argoproj.io_argocds.yaml index 3633a0f87cd..57d0b2adf04 100644 --- a/config/crd/bases/argoproj.io_argocds.yaml +++ b/config/crd/bases/argoproj.io_argocds.yaml @@ -12182,12 +12182,14 @@ spec: type: array maxVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" type: string minVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" @@ -18183,12 +18185,14 @@ spec: type: array maxVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" type: string minVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" @@ -18967,12 +18971,14 @@ spec: type: array maxVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" type: string minVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" @@ -22571,12 +22577,14 @@ spec: type: array maxVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" type: string minVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" @@ -28271,12 +28279,14 @@ spec: type: array maxVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" type: string minVersion: enum: + - "1.0" - "1.1" - "1.2" - "1.3" diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index a81d848d19e..233ab6f29d4 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: quay.io/nittalaakhil/openshift-gitops-operator - newTag: v0.0.9 + newTag: v0.0.38 From 9be418fdd25c6f728494819dd618aa67eac36512 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Thu, 21 May 2026 17:20:32 +0530 Subject: [PATCH 3/6] [GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components Signed-off-by: akhil nittala --- Dockerfile | 23 +- Makefile | 2 +- bundle/manifests/argoproj.io_argocds.yaml | 611 +++++++++++++++++- ...gitops-operator.clusterserviceversion.yaml | 1 + .../crd/bases/argoproj.io_argocdexports.yaml | 285 -------- config/crd/bases/argoproj.io_argocds.yaml | 39 ++ config/manager/kustomization.yaml | 3 +- config/rbac/role.yaml | 134 ++-- .../1-121_validate_image_updater_test.go | 3 +- 9 files changed, 709 insertions(+), 392 deletions(-) delete mode 100644 config/crd/bases/argoproj.io_argocdexports.yaml diff --git a/Dockerfile b/Dockerfile index 78ec2d8d65b..15d6e509f80 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,34 +2,31 @@ FROM golang:1.26.2 as builder WORKDIR /workspace - -COPY argocd-operator /workspace/argocd-operator - # Copy the Go Modules manifests COPY go.mod go.mod COPY go.sum go.sum - -# Cache dependencies +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer RUN go mod download -# Copy the Go source +# Copy the go source COPY cmd/main.go cmd/main.go COPY api/ api/ COPY controllers/ controllers/ COPY common/ common/ COPY version/ version/ -# Build explicitly for linux/amd64 -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager ./cmd/main.go - -# Use distroless as minimal base image -FROM --platform=linux/amd64 gcr.io/distroless/static:nonroot +# Build - Use TARGETARCH to build for the correct architecture +ARG TARGETARCH +RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o manager ./cmd/main.go +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot WORKDIR / - COPY --from=builder /workspace/manager /usr/local/bin/manager -# Install redis artifacts +# install redis artifacts COPY build/redis /var/lib/redis USER 65532:65532 diff --git a/Makefile b/Makefile index 5c4f103a76c..66d61c310e3 100644 --- a/Makefile +++ b/Makefile @@ -183,7 +183,7 @@ run: manifests generate fmt vet ## Run a controller from your host. CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES=argo-rollouts,test-rom-ns-1,rom-ns-1,openshift-gitops ARGOCD_CLUSTER_CONFIG_NAMESPACES="openshift-gitops, argocd-e2e-cluster-config, argocd-test-impersonation-1-046, argocd-agent-principal-1-051, argocd-agent-agent-1-052, appset-argocd, appset-old-ns, appset-new-ns, ns-hosting-principal, ns-hosting-managed-agent, ns-hosting-autonomous-agent, appset-argocd-clusterrole" REDIS_CONFIG_PATH="build/redis" go run ./cmd/main.go .PHONY: docker-build -docker-build: ## Build container image with the manager. +docker-build: test ## Build container image with the manager. $(CONTAINER_RUNTIME) build --platform=linux/amd64 -t ${IMG} . .PHONY: docker-push diff --git a/bundle/manifests/argoproj.io_argocds.yaml b/bundle/manifests/argoproj.io_argocds.yaml index 4980e27b7e9..7cb0d2b4e0a 100644 --- a/bundle/manifests/argoproj.io_argocds.yaml +++ b/bundle/manifests/argoproj.io_argocds.yaml @@ -1325,6 +1325,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -1905,7 +1914,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources should be created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -2133,12 +2141,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -2146,6 +2149,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -8755,6 +8766,145 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object status: description: ArgoCDStatus defines the observed state of ArgoCD @@ -9129,12 +9279,7 @@ spec: type: string description: Custom labels to pods deployed by the operator type: object - logLevel: - description: LogLevel describes the log level that should be used - by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the ApplicationSet component. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -9142,6 +9287,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string resources: description: Resources defines the Compute Resources required by the container for ApplicationSet. @@ -11595,6 +11748,66 @@ spec: server to be used by the PrincAgentipal component. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent agent component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object tls: description: TLS defines the TLS options for the Agent component. properties: @@ -11865,6 +12078,66 @@ spec: the TLS certificate and key for the resource proxy. type: string type: object + resources: + description: Resources defines the Compute Resources required + by the container for the Argo CD Agent principal component. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object server: description: Server defines the server options for the Principal component. @@ -11920,6 +12193,32 @@ spec: description: SecretName is The name of the secret containing the TLS certificate and key. type: string + tlsConfig: + description: TLS configuration for the Principal component. + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) + || self.minVersion <= self.maxVersion' type: object type: object type: object @@ -11945,11 +12244,20 @@ spec: required: - content type: object + clusterDomain: + description: |- + ClusterDomain is the cluster domain suffix used for constructing service FQDNs. Defaults to "cluster.local". + The full FQDN will be: ..svc. + This is useful for clusters that use a different DNS suffix (e.g., "CLUSTER_ID.cluster.local", "edge.local"). + type: string cmdParams: additionalProperties: type: string - description: CmdParams specifies command-line parameters for the Argo - CD components. + description: |- + CmdParams specifies command-line parameters for the Argo CD components. + The only keys currently supported for this parameter are: + - controller.resource.health.persist + - applicationsetcontroller.enable.tokenref.strict.mode — when ApplicationSet-in-any-namespace is active, the operator defaults this to "true" type: object configManagementPlugins: description: 'Deprecated: ConfigManagementPlugins field is no longer @@ -13780,6 +14088,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -17893,6 +18210,32 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TLS configuration for the Image Updater + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' required: - enabled type: object @@ -18031,7 +18374,6 @@ spec: NetworkPolicy resources for this Argo CD instance. properties: enabled: - default: true description: |- Enabled defines whether NetworkPolicy resources are created for this Argo CD instance. When enabled, the operator will reconcile NetworkPolicies for Argo CD components. @@ -18259,12 +18601,7 @@ spec: image: description: Image is the Argo CD Notifications image (optional) type: string - logLevel: - description: LogLevel describes the log level that should be used - by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel - if not set. Valid options are debug,info, error, and warn. - type: string - logformat: + logFormat: description: LogFormat refers to the log format used by the argocd-notifications. Defaults to ArgoCDDefaultLogFormat if not configured. Valid options are text or json. @@ -18272,6 +18609,14 @@ spec: - text - json type: string + logLevel: + description: LogLevel describes the log level that should be used + by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel + if not set. Valid options are debug,info, error, and warn. + type: string + logformat: + description: 'Deprecated: use LogFormat instead.' + type: string replicas: description: Replicas defines the number of replicas to run for notifications-controller @@ -18654,6 +18999,33 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object + tlsConfig: + description: TlsConfig defines the TLS configuration for the Redis + server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' version: description: Version is the Redis container image tag. type: string @@ -22238,6 +22610,32 @@ spec: x-kubernetes-map-type: atomic type: array type: object + tlsConfig: + description: TLS configuration for the repo server + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' verifytls: description: VerifyTLS defines whether repo server API should be accessed using strict TLS validation @@ -27918,6 +28316,32 @@ spec: - name type: object type: array + tlsConfig: + description: TLS configuration for the Argo CD Server component + properties: + cipherSuites: + items: + type: string + type: array + maxVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + minVersion: + enum: + - "1.0" + - "1.1" + - "1.2" + - "1.3" + type: string + type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' volumeMounts: description: VolumeMounts adds volumeMounts to the Argo CD Server container. @@ -32216,6 +32640,149 @@ spec: description: Version is the tag to use with the ArgoCD container image for all ArgoCD components. type: string + webTerminalEnabled: + description: WebTerminalEnabled allows you to get a shell inside a + running pod just like you would with kubectl exec + type: boolean + webhookSecrets: + description: |- + WebhookSecrets references Kubernetes Secrets that supply webhook credentials per provider. + The operator syncs values into argocd-secret under the keys Argo CD expects. + properties: + azureDevOps: + description: 'AzureDevOps: Secret key references for the Azure + DevOps webhook username and password (or PAT).' + properties: + passwordSecretRef: + description: PasswordSecretRef points to the key holding the + password or PAT. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + usernameSecretRef: + description: UsernameSecretRef points to the key holding the + username. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + x-kubernetes-validations: + - message: usernameSecretRef and passwordSecretRef must be set + together + rule: (has(self.usernameSecretRef) && has(self.passwordSecretRef)) + || (!has(self.usernameSecretRef) && !has(self.passwordSecretRef)) + bitbucket: + description: 'Bitbucket: Secret key reference for the Bitbucket + Cloud webhook UUID.' + properties: + webhookUUIDSecretRef: + description: WebhookUUIDSecretRef points to the key holding + the Bitbucket Cloud webhook UUID. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + bitbucketServer: + description: 'BitbucketServer: Secret key reference for the Bitbucket + Server webhook secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Bitbucket Server webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + github: + description: 'GitHub: Secret key reference for the GitHub webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitHub webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gitlab: + description: 'GitLab: Secret key reference for the GitLab webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + GitLab webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + gogs: + description: 'Gogs: Secret key reference for the Gogs webhook + shared secret.' + properties: + webhookSecretRef: + description: WebhookSecretRef points to the key holding the + Gogs webhook shared secret. + properties: + key: + description: Key in the Secret whose value should be used. + type: string + name: + description: Name of the Secret. + type: string + required: + - key + - name + type: object + type: object + type: object type: object x-kubernetes-validations: - message: spec.sso and spec.oidcConfig cannot both be set diff --git a/bundle/manifests/gitops-operator.clusterserviceversion.yaml b/bundle/manifests/gitops-operator.clusterserviceversion.yaml index 720ba92867d..fb2be85485f 100644 --- a/bundle/manifests/gitops-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gitops-operator.clusterserviceversion.yaml @@ -590,6 +590,7 @@ spec: - apiGroups: - config.openshift.io resources: + - apiservers - authentications - clusterversions - ingresses diff --git a/config/crd/bases/argoproj.io_argocdexports.yaml b/config/crd/bases/argoproj.io_argocdexports.yaml deleted file mode 100644 index 8ca82238561..00000000000 --- a/config/crd/bases/argoproj.io_argocdexports.yaml +++ /dev/null @@ -1,285 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: argocdexports.argoproj.io -spec: - group: argoproj.io - names: - kind: ArgoCDExport - listKind: ArgoCDExportList - plural: argocdexports - singular: argocdexport - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ArgoCDExport is the Schema for the argocdexports API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ArgoCDExportSpec defines the desired state of ArgoCDExport - properties: - argocd: - description: Argocd is the name of the ArgoCD instance to export. - type: string - image: - description: Image is the container image to use for the export Job. - type: string - schedule: - description: Schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. - type: string - storage: - description: Storage defines the storage configuration options. - properties: - backend: - description: Backend defines the storage backend to use, must - be "local" (the default), "aws", "azure" or "gcp". - type: string - pvc: - description: PVC is the desired characteristics for a PersistentVolumeClaim. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to the PersistentVolume - backing this claim. - type: string - type: object - secretName: - description: SecretName is the name of a Secret with encryption - key, credentials, etc. - type: string - type: object - version: - description: Version is the tag/digest to use for the export Job container - image. - type: string - required: - - argocd - type: object - status: - description: ArgoCDExportStatus defines the observed state of ArgoCDExport - properties: - phase: - description: |- - Phase is a simple, high-level summary of where the ArgoCDExport is in its lifecycle. - There are five possible phase values: - Pending: The ArgoCDExport has been accepted by the Kubernetes system, but one or more of the required resources have not been created. - Running: All of the containers for the ArgoCDExport are still running, or in the process of starting or restarting. - Succeeded: All containers for the ArgoCDExport have terminated in success, and will not be restarted. - Failed: At least one container has terminated in failure, either exited with non-zero status or was terminated by the system. - Unknown: For some reason the state of the ArgoCDExport could not be obtained. - type: string - required: - - phase - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/argoproj.io_argocds.yaml b/config/crd/bases/argoproj.io_argocds.yaml index 57d0b2adf04..311e945405f 100644 --- a/config/crd/bases/argoproj.io_argocds.yaml +++ b/config/crd/bases/argoproj.io_argocds.yaml @@ -1314,6 +1314,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -12195,6 +12204,10 @@ spec: - "1.3" type: string type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) + || self.minVersion <= self.maxVersion' type: object type: object type: object @@ -12233,6 +12246,7 @@ spec: CmdParams specifies command-line parameters for the Argo CD components. The only keys currently supported for this parameter are: - controller.resource.health.persist + - applicationsetcontroller.enable.tokenref.strict.mode — when ApplicationSet-in-any-namespace is active, the operator defaults this to "true" type: object configManagementPlugins: description: 'Deprecated: ConfigManagementPlugins field is no longer @@ -14063,6 +14077,15 @@ spec: description: Sharding contains the options for the Application Controller sharding configuration. properties: + algorithm: + description: DistributionAlgorithm determines what algorithm + will be used for distribution of shards. Valid options are + legacy, round-robin, and consistent-hashing + enum: + - legacy + - round-robin + - consistent-hashing + type: string clustersPerShard: description: ClustersPerShard defines the maximum number of clusters managed by each argocd shard @@ -18198,6 +18221,10 @@ spec: - "1.3" type: string type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' required: - enabled type: object @@ -18984,6 +19011,10 @@ spec: - "1.3" type: string type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' version: description: Version is the Redis container image tag. type: string @@ -22590,6 +22621,10 @@ spec: - "1.3" type: string type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' verifytls: description: VerifyTLS defines whether repo server API should be accessed using strict TLS validation @@ -28292,6 +28327,10 @@ spec: - "1.3" type: string type: object + x-kubernetes-validations: + - message: minVersion must be less than or equal to maxVersion + rule: '!has(self.minVersion) || !has(self.maxVersion) || self.minVersion + <= self.maxVersion' volumeMounts: description: VolumeMounts adds volumeMounts to the Argo CD Server container. diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 233ab6f29d4..c7ac940f7d1 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -12,5 +12,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: quay.io/nittalaakhil/openshift-gitops-operator - newTag: v0.0.38 + newName: quay.io/redhat-developer/gitops-operator diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b9282d1e539..0f22348a5da 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -18,7 +18,13 @@ rules: - services - services/finalizers verbs: - - '*' + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -91,20 +97,19 @@ rules: resources: - daemonsets - deployments + - podtemplates - replicasets - statefulsets verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments/finalizers - verbs: + - create + - delete + - get + - list + - patch - update + - watch - apiGroups: - apps - resourceNames: - - argocd-operator resources: - deployments/finalizers verbs: @@ -117,21 +122,8 @@ rules: - deployments/finalizers verbs: - update -- apiGroups: - - apps - resources: - - podtemplates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - apps.openshift.io - - route.openshift.io resources: - '*' verbs: @@ -142,13 +134,6 @@ rules: - patch - update - watch -- apiGroups: - - argocd-image-updater.argoproj.io - resources: - - imageupdaters - - imageupdaters/finalizers - verbs: - - '*' - apiGroups: - argoproj.io resources: @@ -158,6 +143,8 @@ rules: - clusteranalysistemplates - experiments - experiments/finalizers + - namespacemanagements + - namespacemanagements/status - rollouts - rollouts/finalizers - rollouts/scale @@ -179,29 +166,6 @@ rules: - argocds - argocds/finalizers - argocds/status - verbs: - - '*' -- apiGroups: - - argoproj.io - resources: - - argocdexports - - argocdexports/finalizers - - argocdexports/status - - namespacemanagements/finalizers - - notificationsconfigurations - - notificationsconfigurations/finalizers - verbs: - - '*' -- apiGroups: - - argoproj.io - resources: - - namespacemanagements - - namespacemanagements/status - verbs: - - '*' -- apiGroups: - - argoproj.io - resources: - rolloutmanagers verbs: - create @@ -211,6 +175,13 @@ rules: - patch - update - watch +- apiGroups: + - argoproj.io + resources: + - notificationsconfigurations + - notificationsconfigurations/finalizers + verbs: + - '*' - apiGroups: - argoproj.io resources: @@ -230,21 +201,25 @@ rules: resources: - horizontalpodautoscalers verbs: - - '*' + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - - '*' -- apiGroups: - - certificates.k8s.io - resources: - - clustertrustbundles - verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - config.openshift.io @@ -327,7 +302,13 @@ rules: - prometheusrules - servicemonitors verbs: - - '*' + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.istio.io resources: @@ -343,11 +324,6 @@ rules: - networking.k8s.io resources: - ingresses - verbs: - - '*' -- apiGroups: - - networking.k8s.io - resources: - networkpolicies verbs: - create @@ -414,7 +390,16 @@ rules: - clusterrolebindings - clusterroles verbs: - - '*' + - bind + - create + - delete + - deletecollection + - escalate + - get + - list + - patch + - update + - watch - apiGroups: - rbac.authorization.k8s.io resources: @@ -431,10 +416,17 @@ rules: - apiGroups: - route.openshift.io resources: + - '*' - routes - routes/custom-host verbs: - - '*' + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - split.smi-spec.io resources: @@ -452,7 +444,13 @@ rules: - templateinstances - templates verbs: - - '*' + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - traefik.containo.us resources: diff --git a/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go index 4f1aa38b6d8..285f792382b 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go @@ -162,10 +162,11 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { By("creating ImageUpdater CR") updateStrategy := "semver" + namespace := ns.Name imageUpdater = &imageUpdaterApi.ImageUpdater{ ObjectMeta: metav1.ObjectMeta{ Name: "image-updater", - Namespace: ns.Name, + Namespace: namespace, }, Spec: imageUpdaterApi.ImageUpdaterSpec{ ApplicationRefs: []imageUpdaterApi.ApplicationRef{ From 58135e704e593133ecfd335aed99c9f59e1d8ee0 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Thu, 21 May 2026 17:23:20 +0530 Subject: [PATCH 4/6] [GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components Signed-off-by: akhil nittala --- Dockerfile | 2 +- Makefile | 2 +- argocd-operator | 1 - .../e2e/ginkgo/parallel/1-121_validate_image_updater_test.go | 3 ++- 4 files changed, 4 insertions(+), 4 deletions(-) delete mode 160000 argocd-operator diff --git a/Dockerfile b/Dockerfile index 15d6e509f80..07ceb2e7284 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,4 +31,4 @@ COPY build/redis /var/lib/redis USER 65532:65532 -ENTRYPOINT ["/usr/local/bin/manager"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/manager"] diff --git a/Makefile b/Makefile index 66d61c310e3..b8be5ed038a 100644 --- a/Makefile +++ b/Makefile @@ -184,7 +184,7 @@ run: manifests generate fmt vet ## Run a controller from your host. .PHONY: docker-build docker-build: test ## Build container image with the manager. - $(CONTAINER_RUNTIME) build --platform=linux/amd64 -t ${IMG} . + $(CONTAINER_RUNTIME) build -t ${IMG} . .PHONY: docker-push docker-push: ## Push container image with the manager. diff --git a/argocd-operator b/argocd-operator deleted file mode 160000 index 323833711f9..00000000000 --- a/argocd-operator +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 323833711f91c6d65339f47c35dd74d62ca8aa3b diff --git a/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go index 285f792382b..ff9275058e2 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go @@ -166,9 +166,10 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { imageUpdater = &imageUpdaterApi.ImageUpdater{ ObjectMeta: metav1.ObjectMeta{ Name: "image-updater", - Namespace: namespace, + Namespace: ns.Name, }, Spec: imageUpdaterApi.ImageUpdaterSpec{ + Namespace: &namespace, ApplicationRefs: []imageUpdaterApi.ApplicationRef{ { NamePattern: "app*", From a007108946db755b0e2973c9e59ec34feaa15e5c Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Thu, 21 May 2026 17:24:59 +0530 Subject: [PATCH 5/6] [GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components Signed-off-by: akhil nittala --- go.mod | 20 ++++----- go.sum | 140 ++++++++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 114 insertions(+), 46 deletions(-) diff --git a/go.mod b/go.mod index 90912b56761..bd8c90cc514 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/operator-framework/api v0.17.5 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 github.com/stretchr/testify v1.11.1 - go.uber.org/zap v1.28.0 - golang.org/x/mod v0.36.0 + go.uber.org/zap v1.27.1 + golang.org/x/mod v0.34.0 gopkg.in/yaml.v3 v3.0.1 gotest.tools v2.2.0+incompatible k8s.io/api v0.35.2 @@ -57,7 +57,7 @@ require ( github.com/casbin/casbin/v2 v2.135.0 // indirect github.com/casbin/govaluate v1.10.0 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect - github.com/cert-manager/cert-manager v1.20.2 // indirect + github.com/cert-manager/cert-manager v1.20.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.3 // indirect github.com/chainguard-dev/git-urls v1.0.2 // indirect @@ -96,7 +96,7 @@ require ( github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect - github.com/google/cel-go v0.27.0 // indirect + github.com/google/cel-go v0.26.0 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/go-github/v69 v69.2.0 // indirect github.com/google/go-github/v84 v84.0.0 // indirect @@ -116,12 +116,11 @@ require ( github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.18.0 // indirect - github.com/klauspost/cpuid/v2 v2.3.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.9.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/moby/spdystream v0.5.1 // indirect + github.com/moby/spdystream v0.5.0 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect @@ -133,7 +132,7 @@ require ( github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 // indirect github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect - github.com/pjbgf/sha1cd v0.6.0 // indirect + github.com/pjbgf/sha1cd v0.3.2 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect @@ -151,6 +150,7 @@ require ( github.com/skeema/knownhosts v1.3.1 // indirect github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/pflag v1.0.10 // indirect + github.com/stoewer/go-strcase v1.3.1 // indirect github.com/vmihailenco/go-tinylfu v0.2.2 // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect @@ -185,7 +185,7 @@ require ( google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 // indirect - google.golang.org/grpc v1.80.0 // indirect + google.golang.org/grpc v1.79.3 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -205,8 +205,8 @@ require ( sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect sigs.k8s.io/gateway-api v1.5.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect - sigs.k8s.io/kustomize/api v0.21.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.21.1 // indirect + sigs.k8s.io/kustomize/api v0.21.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.21.0 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect ) diff --git a/go.sum b/go.sum index 238da638bd9..f337ee8796e 100644 --- a/go.sum +++ b/go.sum @@ -39,6 +39,7 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= +<<<<<<< HEAD github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260505092152-3e07addcb2cb h1:twEKryeq6kBw7nobBiqfh2Dq+ywDyUJRNt6XBHyLYps= github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260505092152-3e07addcb2cb/go.mod h1:Ouqjtkj48SPJhW6r00CYqJ4uM7QDy3D4tinKIK9Y69Q= github.com/argoproj-labs/argocd-image-updater v1.2.1 h1:yaJdmpFOOKTkC9688/a7jjOBLpCREj7Wdnmn4A3v1nU= @@ -49,6 +50,18 @@ github.com/argoproj/argo-cd/gitops-engine v0.0.0-20260512203152-0dc6b1b57dd5 h1: github.com/argoproj/argo-cd/gitops-engine v0.0.0-20260512203152-0dc6b1b57dd5/go.mod h1:6Q1KZzkeKlnCpzzZ1Fu72+WPMAt+ZeMD9KOO6aMjW68= github.com/argoproj/argo-cd/v3 v3.4.2 h1:S3j0K34uGW4geWiM88+0cHcCEtInn2Sa9U7/Sa18L7Y= github.com/argoproj/argo-cd/v3 v3.4.2/go.mod h1:fWDp6ko+Pug6pCEmhZxd35V/Pd9QJgYhky3pJNnsuKE= +======= +github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260416124436-25ad7d58a5c7 h1:VQNrANq/TjAEaU61h8eLtClxDy5edYCyYlAsU/26RQo= +github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260416124436-25ad7d58a5c7/go.mod h1:HUfsiRtK/HIsFTzK++im6UiWsqsswoF2yN2kpD9a27k= +github.com/argoproj-labs/argocd-image-updater v1.1.1 h1:7YDaR3WX2NMsDKp0wN7TRaRRHaVHQ94tSybi2P99MGk= +github.com/argoproj-labs/argocd-image-updater v1.1.1/go.mod h1:gMHiNrGNwNSt4ljf0ykcnmNvXBk/NJ+Z17AnZVe7V7I= +github.com/argoproj-labs/argocd-operator v0.17.0-rc1.0.20260410174833-e8a74112682f h1:yGPeMiJsZAQk3u57vjm5NbG247jsm9C2PLI7+rryyBc= +github.com/argoproj-labs/argocd-operator v0.17.0-rc1.0.20260410174833-e8a74112682f/go.mod h1:DIE2g4/v+EKdKYDfUfJjmawdAfw3BH00LFSoQPag7JI= +github.com/argoproj/argo-cd/v3 v3.3.6 h1:eaWeTkM5EdDHSD3seySuxmbBY38UHjZfRJUPRBccGcY= +github.com/argoproj/argo-cd/v3 v3.3.6/go.mod h1:jNt8U5uib3bZWtKc4c0L9OsvgkYVOA0HtcRppVcp1oM= +github.com/argoproj/gitops-engine v0.7.1-0.20251217140045-5baed5604d2d h1:iUJYrbSvpV9n8vyl1sBt1GceM60HhHfnHxuzcm5apDg= +github.com/argoproj/gitops-engine v0.7.1-0.20251217140045-5baed5604d2d/go.mod h1:PauXVUVcfiTgC+34lDdWzPS101g4NpsUtDAjFBnWf94= +>>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5 h1:YBoLSjpoaJXaXAldVvBRKJuOPvIXz9UOv6S96gMJM/Q= github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5/go.mod h1:ebVOzFJphdN1p6EG2mIMECv/3Rk/almSaxIYuFAmsSw= github.com/argoproj/pkg/v2 v2.0.1 h1:O/gCETzB/3+/hyFL/7d/VM/6pSOIRWIiBOTb2xqAHvc= @@ -78,8 +91,8 @@ github.com/casbin/govaluate v1.10.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cert-manager/cert-manager v1.20.2 h1:CimnY00nLqB2lmxhoSuEC4GDMFDK7JCXqyjwMM9ndIQ= -github.com/cert-manager/cert-manager v1.20.2/go.mod h1:1g/+a/WK5zWH/dXPZa3dMD3aJQJNRXQu+PN17C6WrOw= +github.com/cert-manager/cert-manager v1.20.1 h1:99ExHJu5TPp1V92AvvE4oY6BkOSyJiWLxxMkbqbdGaY= +github.com/cert-manager/cert-manager v1.20.1/go.mod h1:ut67FnggYJJqAdDWLhSPnj10P06QwbNU88RYNh9MvMc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= @@ -154,12 +167,17 @@ github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8b github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmmBPA= -github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw= +github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0= +github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= +<<<<<<< HEAD github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00= github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ= +======= +github.com/go-git/go-git/v5 v5.17.1 h1:WnljyxIzSj9BRRUlnmAU35ohDsjRK0EKmL0evDqi5Jk= +github.com/go-git/go-git/v5 v5.17.1/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo= +>>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -210,12 +228,13 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.27.0 h1:e7ih85+4qVrBuqQWTW4FKSqZYokVuc3HnhH5keboFTo= -github.com/google/cel-go v0.27.0/go.mod h1:tTJ11FWqnhw5KKpnWpvW9CJC3Y9GK4EIS0WXnBbebzw= +github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= +github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c= github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -224,16 +243,23 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-github/v69 v69.2.0 h1:wR+Wi/fN2zdUx9YxSmYE0ktiX9IAR/BeePzeaUUbEHE= github.com/google/go-github/v69 v69.2.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= +<<<<<<< HEAD github.com/google/go-github/v84 v84.0.0 h1:I/0Xn5IuChMe8TdmI2bbim5nyhaRFJ7DEdzmD2w+yVA= github.com/google/go-github/v84 v84.0.0/go.mod h1:WwYL1z1ajRdlaPszjVu/47x1L0PXukJBn73xsiYrRRQ= github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= +======= +github.com/google/go-github/v75 v75.0.0 h1:k7q8Bvg+W5KxRl9Tjq16a9XEgVY1pwuiG5sIL7435Ic= +github.com/google/go-github/v75 v75.0.0/go.mod h1:H3LUJEA1TCrzuUqtdAQniBNwuKiQIqdGKgBo1/M/uqI= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +>>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg= -github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.1-0.20241114170450-2d3c2a9cc518 h1:UBg1xk+oAsIVbFuGg6hdfAm7EvCv3EL80vFxJNsslqw= @@ -281,8 +307,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= -github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= -github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= +github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY= +github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -313,8 +339,8 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= -github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= +github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -344,8 +370,13 @@ github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8Ay github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw= github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= +<<<<<<< HEAD github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag= github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= +======= +github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI= +github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= +>>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= @@ -356,8 +387,13 @@ github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= github.com/onsi/gomega v1.25.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= +<<<<<<< HEAD github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= +======= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= +>>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -374,8 +410,8 @@ github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pjbgf/sha1cd v0.6.0 h1:3WJ8Wz8gvDz29quX1OcEmkAlUg9diU4GxJHqs0/XiwU= -github.com/pjbgf/sha1cd v0.6.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM= +github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= +github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -421,6 +457,8 @@ github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiT github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= +github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -465,6 +503,7 @@ github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +<<<<<<< HEAD go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0 h1:yI1/OhfEPy7J9eoa6Sj051C7n5dvpj0QX8g4sRchg04= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0/go.mod h1:NoUCKYWK+3ecatC4HjkRktREheMeEtrXoQxrqYFeHSc= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o= @@ -485,6 +524,28 @@ go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= +======= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0/go.mod h1:fvPi2qXDqFs8M4B4fmJhE92TyQs9Ydjlg3RvfUp+NbQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= +go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= +go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk= +go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g= +go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc= +go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= +go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= +go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw= +go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg= +go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= +go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= +go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= +go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= +>>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -493,8 +554,8 @@ go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= -go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= +go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= +go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= @@ -506,11 +567,11 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= -golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= -golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJkhzJCK5J6kUi1NTVXfM= -golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80= +golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 h1:R9PFI6EUdfVKgwKjZef7QIwGcBKu86OEFpJ9nUEP2l4= +golang.org/x/exp v0.0.0-20250718183923-645b1fa84792/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -518,8 +579,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= -golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= -golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= +golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= +golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -542,8 +603,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= -golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= -golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= @@ -587,8 +648,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= -golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -600,8 +661,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= -golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= -golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= +golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= +golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -613,18 +674,25 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +<<<<<<< HEAD golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= +======= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +>>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= -gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -641,8 +709,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= -google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= @@ -711,10 +779,10 @@ sigs.k8s.io/gateway-api v1.5.0 h1:duoo14Ky/fJXpjpmyMISE2RTBGnfCg8zICfTYLTnBJA= sigs.k8s.io/gateway-api v1.5.0/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/kustomize/api v0.21.1 h1:lzqbzvz2CSvsjIUZUBNFKtIMsEw7hVLJp0JeSIVmuJs= -sigs.k8s.io/kustomize/api v0.21.1/go.mod h1:f3wkKByTrgpgltLgySCntrYoq5d3q7aaxveSagwTlwI= -sigs.k8s.io/kustomize/kyaml v0.21.1 h1:IVlbmhC076nf6foyL6Taw4BkrLuEsXUXNpsE+ScX7fI= -sigs.k8s.io/kustomize/kyaml v0.21.1/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ= +sigs.k8s.io/kustomize/api v0.21.0 h1:I7nry5p8iDJbuRdYS7ez8MUvw7XVNPcIP5GkzzuXIIQ= +sigs.k8s.io/kustomize/api v0.21.0/go.mod h1:XGVQuR5n2pXKWbzXHweZU683pALGw/AMVO4zU4iS8SE= +sigs.k8s.io/kustomize/kyaml v0.21.0 h1:7mQAf3dUwf0wBerWJd8rXhVcnkk5Tvn/q91cGkaP6HQ= +sigs.k8s.io/kustomize/kyaml v0.21.0/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= From 26990b5a43f39551d9cfa18ce5028d38311682b0 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Thu, 4 Jun 2026 12:50:39 +0530 Subject: [PATCH 6/6] Configuring TLS options from Central TLS Profile and ArgoCD CR for REDIS Signed-off-by: akhil nittala --- go.mod | 23 +++++----- go.sum | 140 +++++++++++++++------------------------------------------ 2 files changed, 48 insertions(+), 115 deletions(-) diff --git a/go.mod b/go.mod index bd8c90cc514..480c895e9a9 100644 --- a/go.mod +++ b/go.mod @@ -15,12 +15,13 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/onsi/ginkgo/v2 v2.29.0 github.com/onsi/gomega v1.41.0 - github.com/openshift/api v0.0.0-20240906151052-5d963dce87aa + github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb + github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e github.com/operator-framework/api v0.17.5 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 github.com/stretchr/testify v1.11.1 - go.uber.org/zap v1.27.1 - golang.org/x/mod v0.34.0 + go.uber.org/zap v1.28.0 + golang.org/x/mod v0.36.0 gopkg.in/yaml.v3 v3.0.1 gotest.tools v2.2.0+incompatible k8s.io/api v0.35.2 @@ -57,7 +58,7 @@ require ( github.com/casbin/casbin/v2 v2.135.0 // indirect github.com/casbin/govaluate v1.10.0 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect - github.com/cert-manager/cert-manager v1.20.1 // indirect + github.com/cert-manager/cert-manager v1.20.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.3 // indirect github.com/chainguard-dev/git-urls v1.0.2 // indirect @@ -96,7 +97,7 @@ require ( github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect - github.com/google/cel-go v0.26.0 // indirect + github.com/google/cel-go v0.27.0 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/go-github/v69 v69.2.0 // indirect github.com/google/go-github/v84 v84.0.0 // indirect @@ -116,11 +117,12 @@ require ( github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.18.0 // indirect + github.com/klauspost/cpuid/v2 v2.3.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.9.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/moby/spdystream v0.5.0 // indirect + github.com/moby/spdystream v0.5.1 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect @@ -132,7 +134,7 @@ require ( github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 // indirect github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect - github.com/pjbgf/sha1cd v0.3.2 // indirect + github.com/pjbgf/sha1cd v0.6.0 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect @@ -150,7 +152,6 @@ require ( github.com/skeema/knownhosts v1.3.1 // indirect github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/pflag v1.0.10 // indirect - github.com/stoewer/go-strcase v1.3.1 // indirect github.com/vmihailenco/go-tinylfu v0.2.2 // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect @@ -185,7 +186,7 @@ require ( google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 // indirect - google.golang.org/grpc v1.79.3 // indirect + google.golang.org/grpc v1.80.0 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -205,8 +206,8 @@ require ( sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect sigs.k8s.io/gateway-api v1.5.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect - sigs.k8s.io/kustomize/api v0.21.0 // indirect - sigs.k8s.io/kustomize/kyaml v0.21.0 // indirect + sigs.k8s.io/kustomize/api v0.21.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.21.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect ) diff --git a/go.sum b/go.sum index f337ee8796e..238da638bd9 100644 --- a/go.sum +++ b/go.sum @@ -39,7 +39,6 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= -<<<<<<< HEAD github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260505092152-3e07addcb2cb h1:twEKryeq6kBw7nobBiqfh2Dq+ywDyUJRNt6XBHyLYps= github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260505092152-3e07addcb2cb/go.mod h1:Ouqjtkj48SPJhW6r00CYqJ4uM7QDy3D4tinKIK9Y69Q= github.com/argoproj-labs/argocd-image-updater v1.2.1 h1:yaJdmpFOOKTkC9688/a7jjOBLpCREj7Wdnmn4A3v1nU= @@ -50,18 +49,6 @@ github.com/argoproj/argo-cd/gitops-engine v0.0.0-20260512203152-0dc6b1b57dd5 h1: github.com/argoproj/argo-cd/gitops-engine v0.0.0-20260512203152-0dc6b1b57dd5/go.mod h1:6Q1KZzkeKlnCpzzZ1Fu72+WPMAt+ZeMD9KOO6aMjW68= github.com/argoproj/argo-cd/v3 v3.4.2 h1:S3j0K34uGW4geWiM88+0cHcCEtInn2Sa9U7/Sa18L7Y= github.com/argoproj/argo-cd/v3 v3.4.2/go.mod h1:fWDp6ko+Pug6pCEmhZxd35V/Pd9QJgYhky3pJNnsuKE= -======= -github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260416124436-25ad7d58a5c7 h1:VQNrANq/TjAEaU61h8eLtClxDy5edYCyYlAsU/26RQo= -github.com/argoproj-labs/argo-rollouts-manager v0.0.9-0.20260416124436-25ad7d58a5c7/go.mod h1:HUfsiRtK/HIsFTzK++im6UiWsqsswoF2yN2kpD9a27k= -github.com/argoproj-labs/argocd-image-updater v1.1.1 h1:7YDaR3WX2NMsDKp0wN7TRaRRHaVHQ94tSybi2P99MGk= -github.com/argoproj-labs/argocd-image-updater v1.1.1/go.mod h1:gMHiNrGNwNSt4ljf0ykcnmNvXBk/NJ+Z17AnZVe7V7I= -github.com/argoproj-labs/argocd-operator v0.17.0-rc1.0.20260410174833-e8a74112682f h1:yGPeMiJsZAQk3u57vjm5NbG247jsm9C2PLI7+rryyBc= -github.com/argoproj-labs/argocd-operator v0.17.0-rc1.0.20260410174833-e8a74112682f/go.mod h1:DIE2g4/v+EKdKYDfUfJjmawdAfw3BH00LFSoQPag7JI= -github.com/argoproj/argo-cd/v3 v3.3.6 h1:eaWeTkM5EdDHSD3seySuxmbBY38UHjZfRJUPRBccGcY= -github.com/argoproj/argo-cd/v3 v3.3.6/go.mod h1:jNt8U5uib3bZWtKc4c0L9OsvgkYVOA0HtcRppVcp1oM= -github.com/argoproj/gitops-engine v0.7.1-0.20251217140045-5baed5604d2d h1:iUJYrbSvpV9n8vyl1sBt1GceM60HhHfnHxuzcm5apDg= -github.com/argoproj/gitops-engine v0.7.1-0.20251217140045-5baed5604d2d/go.mod h1:PauXVUVcfiTgC+34lDdWzPS101g4NpsUtDAjFBnWf94= ->>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5 h1:YBoLSjpoaJXaXAldVvBRKJuOPvIXz9UOv6S96gMJM/Q= github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5/go.mod h1:ebVOzFJphdN1p6EG2mIMECv/3Rk/almSaxIYuFAmsSw= github.com/argoproj/pkg/v2 v2.0.1 h1:O/gCETzB/3+/hyFL/7d/VM/6pSOIRWIiBOTb2xqAHvc= @@ -91,8 +78,8 @@ github.com/casbin/govaluate v1.10.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cert-manager/cert-manager v1.20.1 h1:99ExHJu5TPp1V92AvvE4oY6BkOSyJiWLxxMkbqbdGaY= -github.com/cert-manager/cert-manager v1.20.1/go.mod h1:ut67FnggYJJqAdDWLhSPnj10P06QwbNU88RYNh9MvMc= +github.com/cert-manager/cert-manager v1.20.2 h1:CimnY00nLqB2lmxhoSuEC4GDMFDK7JCXqyjwMM9ndIQ= +github.com/cert-manager/cert-manager v1.20.2/go.mod h1:1g/+a/WK5zWH/dXPZa3dMD3aJQJNRXQu+PN17C6WrOw= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= @@ -167,17 +154,12 @@ github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8b github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0= -github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY= +github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmmBPA= +github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -<<<<<<< HEAD github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00= github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ= -======= -github.com/go-git/go-git/v5 v5.17.1 h1:WnljyxIzSj9BRRUlnmAU35ohDsjRK0EKmL0evDqi5Jk= -github.com/go-git/go-git/v5 v5.17.1/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo= ->>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -228,13 +210,12 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= -github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= +github.com/google/cel-go v0.27.0 h1:e7ih85+4qVrBuqQWTW4FKSqZYokVuc3HnhH5keboFTo= +github.com/google/cel-go v0.27.0/go.mod h1:tTJ11FWqnhw5KKpnWpvW9CJC3Y9GK4EIS0WXnBbebzw= github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c= github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -243,23 +224,16 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-github/v69 v69.2.0 h1:wR+Wi/fN2zdUx9YxSmYE0ktiX9IAR/BeePzeaUUbEHE= github.com/google/go-github/v69 v69.2.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= -<<<<<<< HEAD github.com/google/go-github/v84 v84.0.0 h1:I/0Xn5IuChMe8TdmI2bbim5nyhaRFJ7DEdzmD2w+yVA= github.com/google/go-github/v84 v84.0.0/go.mod h1:WwYL1z1ajRdlaPszjVu/47x1L0PXukJBn73xsiYrRRQ= github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= -======= -github.com/google/go-github/v75 v75.0.0 h1:k7q8Bvg+W5KxRl9Tjq16a9XEgVY1pwuiG5sIL7435Ic= -github.com/google/go-github/v75 v75.0.0/go.mod h1:H3LUJEA1TCrzuUqtdAQniBNwuKiQIqdGKgBo1/M/uqI= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= ->>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.1-0.20241114170450-2d3c2a9cc518 h1:UBg1xk+oAsIVbFuGg6hdfAm7EvCv3EL80vFxJNsslqw= @@ -307,8 +281,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= -github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY= -github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8= +github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= +github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -339,8 +313,8 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= +github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -370,13 +344,8 @@ github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8Ay github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw= github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= -<<<<<<< HEAD github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag= github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= -======= -github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI= -github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= ->>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= @@ -387,13 +356,8 @@ github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= github.com/onsi/gomega v1.25.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= -<<<<<<< HEAD github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= -======= -github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= -github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= ->>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -410,8 +374,8 @@ github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= -github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= +github.com/pjbgf/sha1cd v0.6.0 h1:3WJ8Wz8gvDz29quX1OcEmkAlUg9diU4GxJHqs0/XiwU= +github.com/pjbgf/sha1cd v0.6.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -457,8 +421,6 @@ github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiT github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= -github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -503,7 +465,6 @@ github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= -<<<<<<< HEAD go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0 h1:yI1/OhfEPy7J9eoa6Sj051C7n5dvpj0QX8g4sRchg04= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0/go.mod h1:NoUCKYWK+3ecatC4HjkRktREheMeEtrXoQxrqYFeHSc= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o= @@ -524,28 +485,6 @@ go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= -======= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0/go.mod h1:fvPi2qXDqFs8M4B4fmJhE92TyQs9Ydjlg3RvfUp+NbQ= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= -go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk= -go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g= -go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc= -go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= -go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= -go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw= -go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg= -go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= -go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= -go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= -go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= ->>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -554,8 +493,8 @@ go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= @@ -567,11 +506,11 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 h1:R9PFI6EUdfVKgwKjZef7QIwGcBKu86OEFpJ9nUEP2l4= -golang.org/x/exp v0.0.0-20250718183923-645b1fa84792/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc= +golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJkhzJCK5J6kUi1NTVXfM= +golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -579,8 +518,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= -golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= -golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -603,8 +542,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= @@ -648,8 +587,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -661,8 +600,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= +golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -674,25 +613,18 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= -<<<<<<< HEAD golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= -======= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= ->>>>>>> 8cba26d ([GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components) golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= -gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= +gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= +gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -709,8 +641,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= -google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= +google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= @@ -779,10 +711,10 @@ sigs.k8s.io/gateway-api v1.5.0 h1:duoo14Ky/fJXpjpmyMISE2RTBGnfCg8zICfTYLTnBJA= sigs.k8s.io/gateway-api v1.5.0/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/kustomize/api v0.21.0 h1:I7nry5p8iDJbuRdYS7ez8MUvw7XVNPcIP5GkzzuXIIQ= -sigs.k8s.io/kustomize/api v0.21.0/go.mod h1:XGVQuR5n2pXKWbzXHweZU683pALGw/AMVO4zU4iS8SE= -sigs.k8s.io/kustomize/kyaml v0.21.0 h1:7mQAf3dUwf0wBerWJd8rXhVcnkk5Tvn/q91cGkaP6HQ= -sigs.k8s.io/kustomize/kyaml v0.21.0/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ= +sigs.k8s.io/kustomize/api v0.21.1 h1:lzqbzvz2CSvsjIUZUBNFKtIMsEw7hVLJp0JeSIVmuJs= +sigs.k8s.io/kustomize/api v0.21.1/go.mod h1:f3wkKByTrgpgltLgySCntrYoq5d3q7aaxveSagwTlwI= +sigs.k8s.io/kustomize/kyaml v0.21.1 h1:IVlbmhC076nf6foyL6Taw4BkrLuEsXUXNpsE+ScX7fI= +sigs.k8s.io/kustomize/kyaml v0.21.1/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8=