forked from k-space/kube
kube/argocd

Workflow

Most applications in our Kubernetes cluster are managed by ArgoCD.

Deployment

To deploy ArgoCD:

helm repo add argo-cd https://argoproj.github.io/argo-helm
kubectl create secret -n argocd generic argocd-secret # Initialize empty secret for sessions
helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml
kubectl apply -f argocd.yml -n argocd
kubectl -n argocd rollout restart deployment/k6-argocd-redis
kubectl -n argocd rollout restart deployment/k6-argocd-repo-server
kubectl -n argocd rollout restart deployment/k6-argocd-server
kubectl -n argocd rollout restart deployment/k6-argocd-notifications-controller
kubectl -n argocd rollout restart statefulset/k6-argocd-application-controller

Note: Refer to the Authelia README for OIDC secret setup.

Setting up Git secrets

Generate an SSH key for ArgoCD to access Gitea, store it in the repository secrets, and remove the private key from disk:

ssh-keygen -t ecdsa -f id_ecdsa -C argocd.k-space.ee -P ''
kubectl -n argocd create secret generic gitea-kube \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-kube-staging \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-staging \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-kube-members \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-members \
  --from-file=sshPrivateKey=id_ecdsa
kubectl label -n argocd secret gitea-kube argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-kube-staging argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-kube-members argocd.argoproj.io/secret-type=repository
rm -fv id_ecdsa

Have a Gitea admin reset the password for user argocd and log in with that account. Add the SSH public key from file id_ecdsa.pub to user argocd, then delete any other SSH keys associated with Gitea user argocd.
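
A declarative variant of the repository-secret steps above, as an added example that is not part of the k-space repository: each secret is rendered as a manifest that already carries the `argocd.argoproj.io/secret-type=repository` label, and the private key only ever exists in an owner-only temporary directory that is removed on exit. The helper names `repo_secret_manifest` and `provision_repo_secrets` and the `--apply` argument are hypothetical; the secret names, URLs and key parameters are the ones used above.

```shell
#!/bin/sh
# Added example (not from the k-space repo): repository secrets rendered as
# manifests, so the secret-type label is set at creation time.
GITEA_ORG_URL="git@git.k-space.ee:k-space"   # from the commands above

# repo_secret_manifest NAME REPO KEYFILE (hypothetical helper)
# Prints an Argo CD repository Secret for one Gitea repo.
repo_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: ${GITEA_ORG_URL}/$2
  sshPrivateKey: |
$(sed 's/^/    /' "$3")
EOF
}

# provision_repo_secrets (hypothetical helper): runs in a subshell so the
# EXIT trap removes the private key even if ssh-keygen or kubectl fails.
provision_repo_secrets() (
  set -eu
  umask 077                                  # key and manifests are owner-only
  workdir="$(mktemp -d)"
  trap 'rm -rf "$workdir"' EXIT
  ssh-keygen -q -t ecdsa -f "$workdir/id_ecdsa" -C argocd.k-space.ee -P ''
  for pair in gitea-kube:kube gitea-kube-staging:kube-staging \
              gitea-kube-members:kube-members; do
    name="${pair%%:*}"; repo="${pair#*:}"
    repo_secret_manifest "$name" "$repo" "$workdir/id_ecdsa" > "$workdir/$name.yml"
    kubectl apply -f "$workdir/$name.yml"
  done
  cp "$workdir/id_ecdsa.pub" ./id_ecdsa.pub  # public half, to upload to Gitea
)

# Only touch the cluster when asked to (constructed convention for this example).
if [ "${1:-}" = "--apply" ]; then
  provision_repo_secrets
fi
```

Because `kubectl apply` is idempotent, re-running the script with `--apply` rotates the key in all three secrets; the new `id_ecdsa.pub` then has to replace the old key on the Gitea argocd user.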