kube/argocd/README.md

# Workflow
Most applications in our Kubernetes cluster are managed by ArgoCD.
Most notably, operators are NOT managed by ArgoCD.

To add an application to `applications/`: `kubectl apply -f newapp.yaml`
# Deployment
To deploy ArgoCD:
```bash
helm repo add argo-cd https://argoproj.github.io/argo-helm
kubectl create secret -n argocd generic argocd-secret # Initialize empty secret for sessions
helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml
kubectl apply -f argocd.yml -f application-extras.yml -f redis.yaml -f monitoring.yml -n argocd
kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd
kubectl -n argocd rollout restart deployment/k6-argocd-redis deployment/k6-argocd-repo-server deployment/k6-argocd-server deployment/k6-argocd-notifications-controller statefulset/k6-argocd-application-controller
```
# Setting up Git secrets
Generate SSH key to access Gitea:
```
ssh-keygen -t ecdsa -f id_ecdsa -C argocd.k-space.ee -P ''
kubectl -n argocd create secret generic gitea-kube \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-kube-staging \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-staging \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-kube-members \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-members \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-members \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-members \
  --from-file=sshPrivateKey=id_ecdsa
kubectl label -n argocd secret gitea-kube argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-kube-staging argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-kube-members argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-members argocd.argoproj.io/secret-type=repository
rm -fv id_ecdsa
```
Have a Gitea admin reset the password for user `argocd` and log in with that account.
Add the SSH key for user `argocd` from the file `id_ecdsa.pub`.
Delete any other SSH keys associated with the Gitea user `argocd`.
# Managing applications
To update apps:
```
for j in asterisk bind camtiler etherpad freescout gitea grafana hackerspace nextcloud nyancat rosdump traefik wiki wildduck woodpecker; do
  cat << EOF >> applications/$j.yaml
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: $j
  namespace: argocd
  annotations:
    # Works with only Kustomize and Helm. Kustomize is easy, see https://github.com/argoproj-labs/argocd-image-updater/tree/master/manifests/base for an example.
    argocd-image-updater.argoproj.io/image-list: TODO:^2 # semver 2.*.*
    argocd-image-updater.argoproj.io/write-back-method: git
spec:
  project: k-space.ee
  source:
    repoURL: 'git@git.k-space.ee:k-space/kube.git'
    path: $j
    targetRevision: HEAD
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: $j
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
EOF
done
find applications -name "*.yaml" -exec kubectl apply -n argocd -f {} \;
```
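
A pre-apply check for the manifests the loop above generates, added here as an example and not part of the original README. The function names are hypothetical; the expected project and repository prefix are taken from the template, and the check assumes that template's simple one-key-per-line layout.

```bash
#!/usr/bin/env bash
# Added example (not from the original README): lint generated Application
# manifests before applying them. Function names are hypothetical; expected
# values are copied from the template on this page.
EXPECTED_PROJECT='k-space.ee'
EXPECTED_REPO_PREFIX='git@git.k-space.ee:k-space/'

# value_of <key> <file>: first "key: value" in the file, quotes and comments stripped.
value_of() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]#.*$//' -e "s/^[\"']//" -e "s/[\"'][[:space:]]*\$//"
}

# lint_app <file>: print one line per finding; return non-zero if there are any.
lint_app() {
  local f=$1 bad=0 docs project repo
  docs=$(grep -c '^kind: Application[[:space:]]*$' "$f" || true)
  project=$(value_of project "$f")
  repo=$(value_of repoURL "$f")
  # The heredoc appends with >>, so re-running the loop duplicates the document.
  [ "$docs" -eq 1 ] || { echo "$f: $docs Application documents, expected 1"; bad=1; }
  # The template ships a TODO placeholder in the image-list annotation.
  if grep -q 'argocd-image-updater\.argoproj\.io/image-list:.*TODO' "$f"; then
    echo "$f: image-list annotation still contains TODO"; bad=1
  fi
  [ "$project" = "$EXPECTED_PROJECT" ] ||
    { echo "$f: project '$project', expected '$EXPECTED_PROJECT'"; bad=1; }
  case $repo in
    "$EXPECTED_REPO_PREFIX"*) ;;
    *) echo "$f: repoURL '$repo' is outside $EXPECTED_REPO_PREFIX"; bad=1 ;;
  esac
  return "$bad"
}

# lint_dir <dir>: lint every *.yaml in dir; return non-zero if any file has findings.
lint_dir() {
  local rc=0 f
  for f in "$1"/*.yaml; do
    [ -e "$f" ] || continue
    lint_app "$f" || rc=1
  done
  return "$rc"
}
```

Source the file and run `lint_dir applications` before the `find ... kubectl apply` step; a non-zero status means at least one manifest needs attention.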