tigera-operator to argo (v3.28.1)

2025-04-20 20:43:56 +03:00 · 2025-04-20 20:43:56 +03:00 · 6d7cdbd9c6
commit 6d7cdbd9c6
parent 10585c7aff
6 changed files with 40 additions and 18 deletions
--- a/argocd/applications/tigera-operator.yaml
+++ b/argocd/applications/tigera-operator.yaml
@ -0,0 +1,23 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tigera-operator
+  namespace: argocd
+spec:
+  project: k-space.ee
+  source:
+    # also depends on git@git.k-space.ee:secretspace/kube.git
+    repoURL: git@git.k-space.ee:k-space/kube.git
+    targetRevision: HEAD
+    path: tigera-operator
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: tigera-operator
+  syncPolicy:
+    # automated:
+    #   prune: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true # Resource is too big to fit in 262144 bytes allowed annotation size.
+      - Force=true # `--force-conflicts`, according to https://docs.tigera.io/calico/latest/operations/upgrading/kubernetes-upgrade
--- a/tigera-operator/.gitignore
+++ b/tigera-operator/.gitignore
@ -1 +1 @@
-tigera-operator.yaml
+*.env
--- a/tigera-operator/README.md
+++ b/tigera-operator/README.md
@ -1,20 +1,10 @@
-# Calico
+# Calico (aka Tigera)

-Calico implements
-[container network interface plugin](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)
-which enables inter-pod network with BGP, also advertising Service LB IPs.
+Calico implements [container network interface plugin](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) which enables inter-pod network with BGP, also advertising Service LB IPs.

-# For user
-
-Nothing specific to point out, this is standard Kubernetes feature
-
-# For administrator
-
-Tigera operator was used to deploy Calico:
+Render and apply locally:

-```
-curl https://raw.githubusercontent.com/projectcalico/calico/v3.28.1/manifests/tigera-operator.yaml -O
-kubectl apply --server-side --force-conflicts -f tigera-operator.yaml
-kubectl apply -f application.yaml
-kubectl -n calico-system create secret generic bgp-secrets --from-literal=password=...
+```sh
+kustomize build . | kubectl diff -f-
+kustomize build . | kubectl apply --server-side --force-conflicts -f-
 ```
--- a/tigera-operator/bgp-secrets.env.example
+++ b/tigera-operator/bgp-secrets.env.example
@ -0,0 +1,2 @@
+# Don't be a dummy by commiting renders with secrets
+password=
--- a/tigera-operator/custom-resources.yaml
+++ b/tigera-operator/custom-resources.yaml
@ -93,4 +93,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: calico-node
-  namespace: calico-system  
+  namespace: calico-system
--- a/tigera-operator/kustomization.yaml
+++ b/tigera-operator/kustomization.yaml
@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://raw.githubusercontent.com/projectcalico/calico/v3.28.1/manifests/tigera-operator.yaml
+- ./custom-resources.yaml
+- ssh://git@git.k-space.ee/secretspace/kube/tigera-operator