diff --git a/argocd/README.md b/argocd/README.md
index 354278e..24d8078 100644
--- a/argocd/README.md
+++ b/argocd/README.md
@@ -1,63 +1,8 @@ -# Workflow - Most applications in our Kubernetes cluster are managed by ArgoCD. Most notably operators are NOT managed by ArgoCD. -Adding to `applications/`: `kubectl apply -f newapp.yaml` - -# Deployment - -To deploy ArgoCD: - -```bash -helm repo add argo-cd https://argoproj.github.io/argo-helm -kubectl create secret -n argocd generic argocd-secret # Initialize empty secret for sessions - -helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml -kubectl apply -f argocd.yml -f application-extras.yml -f redis.yaml -f monitoring.yml -n argocd -kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd - -kubectl -n argocd rollout restart deployment/k6-argocd-redis deployment/k6-argocd-repo-server deployment/k6-argocd-server deployment/k6-argocd-notifications-controller statefulset/k6-argocd-application-controller -``` - - -# Setting up Git secrets - -Generate SSH key to access Gitea: - -``` -ssh-keygen -t ecdsa -f id_ecdsa -C argocd.k-space.ee -P '' -kubectl -n argocd create secret generic gitea-kube \ - --from-literal=type=git \ - --from-literal=url=git@git.k-space.ee:k-space/kube \ - --from-file=sshPrivateKey=id_ecdsa -kubectl -n argocd create secret generic gitea-kube-staging \ - --from-literal=type=git \ - --from-literal=url=git@git.k-space.ee:k-space/kube-staging \ - --from-file=sshPrivateKey=id_ecdsa -kubectl -n argocd create secret generic gitea-kube-members \ - --from-literal=type=git \ - --from-literal=url=git@git.k-space.ee:k-space/kube-members \ - --from-file=sshPrivateKey=id_ecdsa -kubectl -n argocd create secret generic gitea-members \ - --from-literal=type=git \ - --from-literal=url=git@git.k-space.ee:k-space/kube-members \ - --from-file=sshPrivateKey=id_ecdsa -kubectl label -n argocd secret gitea-kube argocd.argoproj.io/secret-type=repository -kubectl label -n argocd secret gitea-kube-staging argocd.argoproj.io/secret-type=repository -kubectl label -n 
argocd secret gitea-kube-members argocd.argoproj.io/secret-type=repository -kubectl label -n argocd secret gitea-members argocd.argoproj.io/secret-type=repository -rm -fv id_ecdsa -``` - -Have Gitea admin reset password for user `argocd` and log in with that account. -Add the SSH key for user `argocd` from file `id_ecdsa.pub`. -Delete any other SSH keys associated with Gitea user `argocd`. - - -# Managing applications - -To update apps: +## Managing applications +Update apps (see TODO below): ``` for j in asterisk bind camtiler etherpad freescout gitea grafana hackerspace nextcloud nyancat rosdump traefik wiki wildduck woodpecker; do @@ -90,3 +35,22 @@ EOF done find applications -name "*.yaml" -exec kubectl apply -n argocd -f {} \; ``` + +### Repository secrets +1. Generate keys locally with `ssh-keygen -f argo` +2. Add `argo.pub` in `git.k-space.ee//` → Settings → Deploy keys +3. Add `argo` (private key) at https://argocd.k-space.ee/settings/repos along with referenced repo. + +## Argo Deployment +To deploy ArgoCD itself: + +```bash +helm repo add argo-cd https://argoproj.github.io/argo-helm +kubectl create secret -n argocd generic argocd-secret # Empty secret for sessions + +helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml +kubectl apply -f argocd.yml -f application-extras.yml -f redis.yaml -f monitoring.yml -n argocd +kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd + +kubectl -n argocd rollout restart deployment/k6-argocd-redis deployment/k6-argocd-repo-server deployment/k6-argocd-server deployment/k6-argocd-notifications-controller statefulset/k6-argocd-application-controller +```