# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: argocd-mco-placement --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: argocd-mco-placement rules: - apiGroups: - "orchestra.multicluster.x-k8s.io" resources: - "multikubernetesclusterplacements" verbs: - "get" - "list" - "watch" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argocd-mco-placement subjects: - kind: ServiceAccount name: argocd-mco-placement namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole name: argocd-mco-placement apiGroup: rbac.authorization.k8s.io --- # https://argo-cd.readthedocs.io/en/latest/operator-manual/applicationset/Generators-Plugin/#add-a-configmap-to-configure-the-access-of-the-plugin apiVersion: v1 kind: ConfigMap metadata: name: argocd-mco-placement data: token: '$argocd-mco-placement:token' baseUrl: "http://argocd-mco-placement.argocd.svc.cluster.local:8888" PORT: "4356" --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-mco-placement spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: argocd-mco-placement template: metadata: labels: app.kubernetes.io/name: argocd-mco-placement spec: serviceAccountName: argocd-mco-placement containers: - name: argocd-mco-placement image: "{{ .Values.image }}" imagePullPolicy: Always envFrom: - configMapRef: name: argocd-mco-placement ports: - containerPort: 4356 name: http resources: requests: memory: "1Gi" cpu: "500m" ephemeral-storage: "1Gi" limits: memory: "1Gi" cpu: "500m" ephemeral-storage: "1Gi" volumes: - name: token secret: secretName: argocd-mco-placement --- apiVersion: v1 kind: Service metadata: name: argocd-mco-placement spec: selector: app.kubernetes.io/name: argocd-mco-placement ports: - name: http port: 8888 targetPort: 4356 --- # This secret lives with the plugin, and is mounted into the plugin container. # The ApplicationSet controller must be configured with the exact same secret. # https://argo-cd.readthedocs.io/en/latest/operator-manual/applicationset/Generators-Plugin/#store-credentials apiVersion: v1 kind: Secret metadata: name: argocd-mco-placement labels: app.kubernetes.io/part-of: argocd stringData: token: 'supersecret'