k-space/kube
12
1
Fork 3
Code Issues 61 Pull Requests 1 Wiki Activity
Files
c51f7368e2407ad5a55c469bed16aa0deb094232
kube/argocd
History
rasmus c51f7368e2 argocd: use traefik's wildcard tls 
It was getting its own argocd.k-space.ee via CR.
and probably it failed to update it since in reality
ingress.tls.enable was false. Maybe also diff
ArgoCD versions.
2025-07-26 11:57:06 +03:00
..
applications
kustomize grafana
2025-07-24 09:36:54 +03:00
.gitignore
Initial commit
2022-08-25 11:22:50 +03:00
application-extras.yml
argo: add localhost callback for CLI login
2024-12-15 05:39:41 +02:00
deploy_key.pub
move members repo to secretspace
2025-05-03 15:05:59 +03:00
monitoring.yml
Migrate to Prometheus Operator
2022-09-11 16:38:16 +03:00
README.md
argo: tidy
2025-04-20 19:18:59 +03:00
redis.yaml
argocd: Move to DragonflyDB and add resource customizations
2024-08-27 12:41:24 +03:00
values.yaml
argocd: use traefik's wildcard tls
2025-07-26 11:57:06 +03:00

README.md

Most applications in our Kubernetes cluster are managed by ArgoCD. Most notably operators are NOT managed by ArgoCD.

Managing applications

Update apps (see TODO below):

for j in asterisk bind camtiler etherpad freescout gitea grafana hackerspace nextcloud nyancat rosdump traefik wiki wildduck; do
cat << EOF >> applications/$j.yaml
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: $j
  namespace: argocd
  annotations:
    # Works with only Kustomize and Helm. Kustomize is easy, see https://github.com/argoproj-labs/argocd-image-updater/tree/master/manifests/base for an example.
    argocd-image-updater.argoproj.io/image-list: TODO:^2 # semver 2.*.*
    argocd-image-updater.argoproj.io/write-back-method: git
spec:
  project: k-space.ee
  source:
    repoURL: 'git@git.k-space.ee:k-space/kube.git'
    path: $j
    targetRevision: HEAD
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: $j
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
EOF
done
find applications -name "*.yaml" -exec kubectl apply -n argocd -f {} \;

Repository secrets

  1. Generate keys locally with ssh-keygen -f argo
  2. Add argo.pub in git.k-space.ee/<your>/<repo> → Settings → Deploy keys
  3. Add argo (private key) at https://argocd.k-space.ee/settings/repos along with referenced repo.

Argo Deployment

To deploy ArgoCD itself:

helm repo add argo-cd https://argoproj.github.io/argo-helm
kubectl create secret -n argocd generic argocd-secret # Empty secret for sessions
kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd

helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml
kubectl apply -f argocd.yml -f application-extras.yml -f redis.yaml -f monitoring.yml -n argocd

kubectl -n argocd rollout restart deployment/k6-argocd-redis deployment/k6-argocd-repo-server deployment/k6-argocd-server deployment/k6-argocd-notifications-controller statefulset/k6-argocd-application-controller

WARN: ArgoCD doesn't host its own redis, Dragonfly must be able to independently cold-start.