forked from k-space/kube
# Workflow

Most applications in our Kubernetes cluster are managed by ArgoCD.

# Deployment

To deploy ArgoCD:

```bash
helm repo add argo-cd https://argoproj.github.io/argo-helm
kubectl create secret -n argocd generic argocd-secret # Initialize empty secret for sessions
# Render the chart (including CRDs) to a static manifest and apply it
helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml
kubectl apply -f argocd.yml -n argocd
# Restart the ArgoCD workloads
kubectl -n argocd rollout restart deployment/k6-argocd-redis
kubectl -n argocd rollout restart deployment/k6-argocd-repo-server
kubectl -n argocd rollout restart deployment/k6-argocd-server
kubectl -n argocd rollout restart deployment/k6-argocd-notifications-controller
kubectl -n argocd rollout restart statefulset/k6-argocd-application-controller
```

Note: Refer to the Authelia README for OIDC secret setup.

# Setting up Git secrets

Generate an SSH key to access Gitea:

```
# Generate a passphrase-less ECDSA key pair in the current directory
ssh-keygen -t ecdsa -f id_ecdsa -C argocd.k-space.ee -P ''
# Store the private key in one repository secret per Git repository
kubectl -n argocd create secret generic gitea-kube \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube \
  --from-file=sshPrivateKey=id_ecdsa
kubectl -n argocd create secret generic gitea-kube-staging \
  --from-literal=type=git \
  --from-literal=url=git@git.k-space.ee:k-space/kube-staging \
  --from-file=sshPrivateKey=id_ecdsa
# Label the secrets so that ArgoCD treats them as repository credentials
kubectl label -n argocd secret gitea-kube argocd.argoproj.io/secret-type=repository
kubectl label -n argocd secret gitea-kube-staging argocd.argoproj.io/secret-type=repository
# Remove the local copy of the private key
rm -fv id_ecdsa
```

Have a Gitea admin reset the password for user `argocd` and log in with that account.
Add the SSH key for user `argocd` from file `id_ecdsa.pub`.
Delete any other SSH keys associated with Gitea user `argocd`.
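
To confirm the steps above took effect, the following added example (not part of the k-space repository) compares the fingerprint of the key stored in each repository secret with `id_ecdsa.pub`. The script name, the function names and the `PUBKEY` variable are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the k-space repository): check that the SSH key held in
# an ArgoCD repository secret matches the public key registered in Gitea.
# Usage: ./verify-repo-key.sh gitea-kube gitea-kube-staging   (script name is hypothetical)

# SHA256 fingerprint of a public key file: second field of `ssh-keygen -l` output.
pub_fingerprint() {
  local out
  out=$(ssh-keygen -l -E sha256 -f "$1") || return 1
  printf '%s\n' "$out" | awk '{print $2}'
}

# Fingerprint of the public half of a private key read from stdin.
# The key only touches disk in a 0600 temp file that is removed before returning.
priv_fingerprint() {
  local tmp rc=1
  tmp=$(umask 077; mktemp) || return 1
  cat > "$tmp"
  if ssh-keygen -y -f "$tmp" > "$tmp.pub" 2>/dev/null; then
    pub_fingerprint "$tmp.pub" && rc=0
  fi
  rm -f "$tmp" "$tmp.pub"
  return "$rc"
}

# Compare the key in secret $1 (namespace argocd) with the local public key file.
# PUBKEY is an assumed override; it defaults to the id_ecdsa.pub left by ssh-keygen.
check_secret() {
  local want got
  want=$(pub_fingerprint "${PUBKEY:-id_ecdsa.pub}") || return 1
  got=$(kubectl -n argocd get secret "$1" -o jsonpath='{.data.sshPrivateKey}' \
        | base64 -d | priv_fingerprint) || return 1
  if [ "$want" = "$got" ]; then
    echo "OK   $1 $got"
  else
    echo "FAIL $1 cluster=$got local=$want"
    return 1
  fi
}

# Runs only when secret names are given, so sourcing the file has no side effects.
status=0
for name in "$@"; do
  check_secret "$name" || status=1
done
[ "$status" -eq 0 ] || exit 1
```

The printed fingerprint can also be compared with the one Gitea lists for the SSH key of user `argocd`.
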

# Adding applications

To add an application, make sure its manifest is placed as `application.yml` in
the relevant namespace:

```
./update.sh
kubectl apply -n argocd -f applications --recursive
```

Do not manually add manifests under `applications/`.