forked from k-space/kube
kube/argocd

Workflow

Most applications in our Kubernetes cluster are managed by ArgoCD. Operators are the notable exception: they are NOT managed by ArgoCD.

After adding a manifest to applications/, apply it: kubectl apply -f newapp.yaml

Deployment

To deploy ArgoCD:

helm repo add argo-cd https://argoproj.github.io/argo-helm
kubectl create secret -n argocd generic argocd-secret # Initialize empty secret for sessions
helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml
kubectl apply -f argocd.yml -f application-extras.yml -n argocd
kubectl -n argocd rollout restart deployment/k6-argocd-redis
kubectl -n argocd rollout restart deployment/k6-argocd-repo-server
kubectl -n argocd rollout restart deployment/k6-argocd-server
kubectl -n argocd rollout restart deployment/k6-argocd-notifications-controller
kubectl -n argocd rollout restart statefulset/k6-argocd-application-controller
kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd

Setting up Git secrets

Generate an SSH key for ArgoCD to access Gitea:

ssh-keygen -t ecdsa -f id_ecdsa -C argocd.k-space.ee -P ''
kubectl -n argocd create secret generic gitea-kube \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-kube-staging \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-staging \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-kube-members \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-members \
  --from-file=sshPrivateKey=id_ecdsa
kubectl label -n argocd secret gitea-kube argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-kube-staging argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-kube-members argocd.argoproj.io/secret-type=repository
rm -fv id_ecdsa

Have a Gitea admin reset the password for user argocd and log in with that account. Add the SSH public key from file id_ecdsa.pub to user argocd. Delete any other SSH keys associated with Gitea user argocd.

Managing applications

To update apps:

for j in asterisk bind camtiler etherpad freescout gitea grafana hackerspace nextcloud nyancat rosdump traefik wiki wildduck woodpecker; do
cat << EOF >> applications/$j.yaml
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: $j
  namespace: argocd
spec:
  project: k-space.ee
  source:
    repoURL: 'git@git.k-space.ee:k-space/kube.git'
    path: $j
    targetRevision: HEAD
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: $j
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
EOF
done
find applications -name "*.yaml" -exec kubectl apply -n argocd -f {} \;
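
The Applications above sync automatically with prune enabled, so a manifest that names the wrong repository, project or destination is acted on as soon as it is applied. The following pre-apply audit is an added example, not part of the k-space repository; the function name audit_app and the rule that path and namespace equal the application name are assumptions that hold for manifests written by the loop above.

```shell
#!/usr/bin/env bash
# Added example (not from the k-space repo): audit Application manifests
# before `kubectl apply`. Expected values are copied from the heredoc above;
# audit_app and the path == namespace == name rule are assumptions.
ALLOWED_REPO='git@git.k-space.ee:k-space/kube.git'
ALLOWED_PROJECT='k-space.ee'
ALLOWED_SERVER='https://kubernetes.default.svc'

# audit_app FILE: print one line per finding; return 1 if any document deviates.
audit_app() {
  awk -v repo="$ALLOWED_REPO" -v proj="$ALLOWED_PROJECT" \
      -v srv="$ALLOWED_SERVER" -v q="'" '
    function val(s) {                       # text after "key:", quotes removed
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s)
      gsub("^[\"" q "]|[\"" q "]$", "", s); return s
    }
    function bad(msg) { print FILENAME ": " name ": " msg; rc = 1 }
    function check() {                      # runs at each document boundary
      if (kind == "Application") {
        if (name !~ /^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/) bad("name is not a DNS label")
        if (project != proj) bad("unexpected project " project)
        if (repourl != repo) bad("unexpected repoURL " repourl)
        if (server != srv)   bad("unexpected destination server " server)
        if (path != name || ns != name) bad("path/namespace differ from name")
      }
      kind = name = project = repourl = path = server = ns = ""
    }
    /^---/        { check(); next }
    /^[A-Za-z]/   { top = $1; sec = "" }    # top-level key (metadata:, spec:)
    /^  [A-Za-z]/ { sec = $1 }              # second-level key (source:, ...)
    /^kind:/                                   { kind = val($0) }
    top == "metadata:" && /^  name:/           { name = val($0) }
    top == "spec:" && /^  project:/            { project = val($0) }
    sec == "source:" && /^    repoURL:/        { repourl = val($0) }
    sec == "source:" && /^    path:/           { path = val($0) }
    sec == "destination:" && /^    server:/    { server = val($0) }
    sec == "destination:" && /^    namespace:/ { ns = val($0) }
    END { check(); exit rc + 0 }
  ' "$1"
}

# Constructed sample: one manifest pointing at a repo outside the allow-list.
demo=$(mktemp)
printf '%s\n' '---' 'kind: Application' 'metadata:' '  name: wiki' 'spec:' \
  '  project: k-space.ee' '  source:' '    repoURL: https://example.com/x.git' \
  '    path: wiki' '  destination:' \
  "    server: 'https://kubernetes.default.svc'" '    namespace: wiki' > "$demo"
audit_app "$demo" || echo "findings above: do not apply"
rm -f "$demo"
```

Run it over each file in applications/ before the final kubectl apply. Because the loop appends with >>, a file can hold several documents, and each one is checked separately.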