# Workflow Most applications in our Kubernetes cluster are managed by ArgoCD. Most notably operators are NOT managed by ArgoCD. Adding to `applications/`: `kubectl apply -f newapp.yaml` # Deployment To deploy ArgoCD: ```bash helm repo add argo-cd https://argoproj.github.io/argo-helm kubectl create secret -n argocd generic argocd-secret # Initialize empty secret for sessions helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml kubectl apply -f argocd.yml -f application-extras.yml -f redis.yaml -f monitoring.yml -n argocd kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd kubectl -n argocd rollout restart deployment/k6-argocd-redis deployment/k6-argocd-repo-server deployment/k6-argocd-server deployment/k6-argocd-notifications-controller statefulset/k6-argocd-application-controller ``` # Setting up Git secrets Generate SSH key to access Gitea: ``` ssh-keygen -t ecdsa -f id_ecdsa -C argocd.k-space.ee -P '' kubectl -n argocd create secret generic gitea-kube \ --from-literal=type=git \ --from-literal=url=git@git.k-space.ee:k-space/kube \ --from-file=sshPrivateKey=id_ecdsa kubectl -n argocd create secret generic gitea-kube-staging \ --from-literal=type=git \ --from-literal=url=git@git.k-space.ee:k-space/kube-staging \ --from-file=sshPrivateKey=id_ecdsa kubectl -n argocd create secret generic gitea-kube-members \ --from-literal=type=git \ --from-literal=url=git@git.k-space.ee:k-space/kube-members \ --from-file=sshPrivateKey=id_ecdsa kubectl -n argocd create secret generic gitea-members \ --from-literal=type=git \ --from-literal=url=git@git.k-space.ee:k-space/kube-members \ --from-file=sshPrivateKey=id_ecdsa kubectl label -n argocd secret gitea-kube argocd.argoproj.io/secret-type=repository kubectl label -n argocd secret gitea-kube-staging argocd.argoproj.io/secret-type=repository kubectl label -n argocd secret gitea-kube-members argocd.argoproj.io/secret-type=repository kubectl label -n argocd secret gitea-members argocd.argoproj.io/secret-type=repository rm -fv id_ecdsa ``` Have Gitea admin reset password for user `argocd` and log in with that account. Add the SSH key for user `argocd` from file `id_ecdsa.pub`. Delete any other SSH keys associated with Gitea user `argocd`. # Managing applications To update apps: ``` for j in asterisk bind camtiler etherpad freescout gitea grafana hackerspace nextcloud nyancat rosdump traefik wiki wildduck woodpecker; do cat << EOF >> applications/$j.yaml --- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: $j namespace: argocd annotations: # Works with only Kustomize and Helm. Kustomize is easy, see https://github.com/argoproj-labs/argocd-image-updater/tree/master/manifests/base for an example. argocd-image-updater.argoproj.io/image-list: TODO:^2 # semver 2.*.* argocd-image-updater.argoproj.io/write-back-method: git spec: project: k-space.ee source: repoURL: 'git@git.k-space.ee:k-space/kube.git' path: $j targetRevision: HEAD destination: server: 'https://kubernetes.default.svc' namespace: $j syncPolicy: automated: prune: true syncOptions: - CreateNamespace=true EOF done find applications -name "*.yaml" -exec kubectl apply -n argocd -f {} \; ```