Refactor Argo CD application configuration to adopt a multi-source approach for noble-platform, removing Helm chart definitions from kustomization.yaml. Update noble-platform.yaml to directly reference Helm chart sources and clarify documentation in README.md and apps/README.md regarding the new structure and resource representation in the UI.
@@ -1,6 +1,5 @@
|
|||||||
# Single Argo CD **source** (**noble-platform** → **path: clusters/noble/apps**) so the UI shows the
|
# Plain Kustomize only (namespaces + extra YAML). Helm charts are **Application** sources in
|
||||||
# full resource tree. Helm charts are inlined via **helmCharts**; requires **argocd-cm**
|
# **bootstrap/argocd/apps/noble-platform.yaml** — avoids **kustomize --enable-helm** on repo-server.
|
||||||
# **kustomize.buildOptions: --enable-helm** (see **bootstrap/argocd/values.yaml**).
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
@@ -16,60 +15,3 @@ resources:
|
|||||||
- grafana-loki-datasource/loki-datasource.yaml
|
- grafana-loki-datasource/loki-datasource.yaml
|
||||||
- vault/unseal-cronjob.yaml
|
- vault/unseal-cronjob.yaml
|
||||||
- vault/cilium-network-policy.yaml
|
- vault/cilium-network-policy.yaml
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: kube-prometheus-stack
|
|
||||||
repo: https://prometheus-community.github.io/helm-charts
|
|
||||||
version: 82.15.1
|
|
||||||
releaseName: kube-prometheus
|
|
||||||
namespace: monitoring
|
|
||||||
valuesFile: kube-prometheus-stack/values.yaml
|
|
||||||
includeCRDs: true
|
|
||||||
- name: loki
|
|
||||||
repo: https://grafana.github.io/helm-charts
|
|
||||||
version: 6.55.0
|
|
||||||
releaseName: loki
|
|
||||||
namespace: loki
|
|
||||||
valuesFile: loki/values.yaml
|
|
||||||
- name: fluent-bit
|
|
||||||
repo: https://fluent.github.io/helm-charts
|
|
||||||
version: 0.56.0
|
|
||||||
releaseName: fluent-bit
|
|
||||||
namespace: logging
|
|
||||||
valuesFile: fluent-bit/values.yaml
|
|
||||||
- name: sealed-secrets
|
|
||||||
repo: https://bitnami-labs.github.io/sealed-secrets
|
|
||||||
version: 2.18.4
|
|
||||||
releaseName: sealed-secrets
|
|
||||||
namespace: sealed-secrets
|
|
||||||
valuesFile: sealed-secrets/values.yaml
|
|
||||||
- name: external-secrets
|
|
||||||
repo: https://charts.external-secrets.io
|
|
||||||
version: 2.2.0
|
|
||||||
releaseName: external-secrets
|
|
||||||
namespace: external-secrets
|
|
||||||
valuesFile: external-secrets/values.yaml
|
|
||||||
- name: vault
|
|
||||||
repo: https://helm.releases.hashicorp.com
|
|
||||||
version: 0.32.0
|
|
||||||
releaseName: vault
|
|
||||||
namespace: vault
|
|
||||||
valuesFile: vault/values.yaml
|
|
||||||
- name: kyverno
|
|
||||||
repo: https://kyverno.github.io/kyverno/
|
|
||||||
version: 3.7.1
|
|
||||||
releaseName: kyverno
|
|
||||||
namespace: kyverno
|
|
||||||
valuesFile: kyverno/values.yaml
|
|
||||||
- name: kyverno-policies
|
|
||||||
repo: https://kyverno.github.io/kyverno/
|
|
||||||
version: 3.7.1
|
|
||||||
releaseName: kyverno-policies
|
|
||||||
namespace: kyverno
|
|
||||||
valuesFile: kyverno/policies-values.yaml
|
|
||||||
- name: headlamp
|
|
||||||
repo: https://kubernetes-sigs.github.io/headlamp/
|
|
||||||
version: 0.40.1
|
|
||||||
releaseName: headlamp
|
|
||||||
namespace: headlamp
|
|
||||||
valuesFile: headlamp/values.yaml
|
|
||||||
|
|||||||
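Review bot: The removed `kube-prometheus-stack` entry set `includeCRDs: true`, and nothing in this change carries an equivalent setting over to the Helm source that replaces it. Argo CD renders chart CRDs by default unless `skipCrds` is set, so this is probably fine, but a one-line comment on the new source stating that CRDs rely on that default would keep the intent visible.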
@@ -49,7 +49,7 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o
|
|||||||
kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
|
kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
**`apps/noble-platform.yaml`** uses one Git **`path`** (**`clusters/noble/apps`**) so the UI shows the full workload tree; **`kustomization.yaml`** there uses **helmCharts** plus **`values.yaml`** from each app.
|
**`apps/noble-platform.yaml`** uses **multiple sources** (Helm repos + Git **`ref`/`path`**); **`clusters/noble/apps/kustomization.yaml`** is plain resources only — chart installs are **Helm** sources, not Kustomize **helmCharts**.
|
||||||
|
|
||||||
## Versions
|
## Versions
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,3 @@
|
|||||||
# Argo CD — app-of-apps children
|
# Argo CD — app-of-apps children
|
||||||
|
|
||||||
**`noble-root`** syncs this directory. Keep **one** child Application (**`noble-platform`**) so the UI does not list every Helm release separately.
|
**`noble-root`** syncs this directory. **`noble-platform`** is the only child Application: **Helm** chart sources + Git **`ref: values`** for **`$values`** paths + Git **`path`** for plain **Kustomize** under **`clusters/noble/apps`** (no **`helmCharts`** in **`kustomization.yaml`**, so repo-server does **not** need **`kustomize --enable-helm`**).
|
||||||
|
|
||||||
- **`noble-platform.yaml`** — a **single** **`source`** pointing at **`clusters/noble/apps`** (**`kustomization.yaml`**). Helm charts are **not** separate `sources` entries: multi-source apps are poorly represented in the UI (often only one source’s manifests appear in the tree). **`kustomize.buildOptions: --enable-helm`** is set in **`argocd-cm`** via **`values.yaml`** so Kustomize can expand **helmCharts**.
|
|
||||||
|
|||||||
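Review bot: The removed `noble-platform.yaml` bullet was the only place in this README that explained how the app appears in the UI, and the replacement paragraph says nothing about it. The commit message promises clarification of resource representation in the UI, so carry the note from the `noble-platform.yaml` header (the **Resource list** still reflects the merged set) over to this file as well.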
@@ -1,9 +1,10 @@
|
|||||||
# Noble cluster workloads — **single** `source` so Argo CD’s resource tree lists all rendered
|
# Multi-source: native Helm (no Kustomize helmCharts → no **--enable-helm**). Git **ref: values**
|
||||||
# objects (Helm + Kustomize). **spec.sources** (multi-source) is limited in the UI and often
|
# supplies **$values/...** paths; second Git entry runs plain Kustomize over **clusters/noble/apps**.
|
||||||
# shows only one source’s manifests (e.g. plain Kustomize without chart workloads).
|
|
||||||
#
|
#
|
||||||
# Renders **clusters/noble/apps** via **kustomization.yaml** (helmCharts + resources).
|
# UI: some Argo CD versions summarize multi-source apps oddly in the graph; the **Resource list**
|
||||||
# Requires **kustomize.buildOptions: --enable-helm** in **argocd-cm** (see **values.yaml**).
|
# still reflects the merged set. **ServerSideApply** avoids huge CRD client-side apply annotations.
|
||||||
|
#
|
||||||
|
# https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
@@ -13,10 +14,85 @@ metadata:
|
|||||||
- resources-finalizer.argocd.argoproj.io/background
|
- resources-finalizer.argocd.argoproj.io/background
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
sources:
|
||||||
repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
|
- repoURL: https://prometheus-community.github.io/helm-charts
|
||||||
targetRevision: main
|
chart: kube-prometheus-stack
|
||||||
path: clusters/noble/apps
|
targetRevision: "82.15.1"
|
||||||
|
helm:
|
||||||
|
releaseName: kube-prometheus
|
||||||
|
namespace: monitoring
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/kube-prometheus-stack/values.yaml
|
||||||
|
- repoURL: https://grafana.github.io/helm-charts
|
||||||
|
chart: loki
|
||||||
|
targetRevision: "6.55.0"
|
||||||
|
helm:
|
||||||
|
releaseName: loki
|
||||||
|
namespace: loki
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/loki/values.yaml
|
||||||
|
- repoURL: https://fluent.github.io/helm-charts
|
||||||
|
chart: fluent-bit
|
||||||
|
targetRevision: "0.56.0"
|
||||||
|
helm:
|
||||||
|
releaseName: fluent-bit
|
||||||
|
namespace: logging
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/fluent-bit/values.yaml
|
||||||
|
- repoURL: https://bitnami-labs.github.io/sealed-secrets
|
||||||
|
chart: sealed-secrets
|
||||||
|
targetRevision: "2.18.4"
|
||||||
|
helm:
|
||||||
|
releaseName: sealed-secrets
|
||||||
|
namespace: sealed-secrets
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/sealed-secrets/values.yaml
|
||||||
|
- repoURL: https://charts.external-secrets.io
|
||||||
|
chart: external-secrets
|
||||||
|
targetRevision: "2.2.0"
|
||||||
|
helm:
|
||||||
|
releaseName: external-secrets
|
||||||
|
namespace: external-secrets
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/external-secrets/values.yaml
|
||||||
|
- repoURL: https://helm.releases.hashicorp.com
|
||||||
|
chart: vault
|
||||||
|
targetRevision: "0.32.0"
|
||||||
|
helm:
|
||||||
|
releaseName: vault
|
||||||
|
namespace: vault
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/vault/values.yaml
|
||||||
|
- repoURL: https://kyverno.github.io/kyverno/
|
||||||
|
chart: kyverno
|
||||||
|
targetRevision: "3.7.1"
|
||||||
|
helm:
|
||||||
|
releaseName: kyverno
|
||||||
|
namespace: kyverno
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/kyverno/values.yaml
|
||||||
|
- repoURL: https://kyverno.github.io/kyverno/
|
||||||
|
chart: kyverno-policies
|
||||||
|
targetRevision: "3.7.1"
|
||||||
|
helm:
|
||||||
|
releaseName: kyverno-policies
|
||||||
|
namespace: kyverno
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/kyverno/policies-values.yaml
|
||||||
|
- repoURL: https://kubernetes-sigs.github.io/headlamp/
|
||||||
|
chart: headlamp
|
||||||
|
targetRevision: "0.40.1"
|
||||||
|
helm:
|
||||||
|
releaseName: headlamp
|
||||||
|
namespace: headlamp
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/headlamp/values.yaml
|
||||||
|
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
|
||||||
|
targetRevision: main
|
||||||
|
ref: values
|
||||||
|
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
|
||||||
|
targetRevision: main
|
||||||
|
path: clusters/noble/apps
|
||||||
destination:
|
destination:
|
||||||
server: https://kubernetes.default.svc
|
server: https://kubernetes.default.svc
|
||||||
namespace: default
|
namespace: default
|
||||||
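Review bot: Each new Helm source sets its own `helm.namespace` (for example `namespace: monitoring`) while `destination.namespace` stays `default`. The per-source value is the namespace the chart is templated with, so confirm that the deployed Argo CD version supports the field and that chart objects which do not template `metadata.namespace` do not end up in `default`. Both Git entries also still track `targetRevision: main` while the charts are pinned to exact versions; pinning the `ref: values` entry to a tag or commit would make the rendered output reproducible.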
@@ -26,6 +102,4 @@ spec:
|
|||||||
selfHeal: true
|
selfHeal: true
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
# Large CRDs (Prometheus Operator, Kyverno, ESO) exceed kubectl’s ~256KiB annotation limit
|
|
||||||
# for last-applied-configuration; server-side apply avoids that.
|
|
||||||
- ServerSideApply=true
|
- ServerSideApply=true
|
||||||
|
|||||||
@@ -4,9 +4,8 @@
|
|||||||
# 2. kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
|
# 2. kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
|
||||||
#
|
#
|
||||||
# Syncs **Application** YAMLs under **apps/** (today: **noble-platform**). Cluster
|
# Syncs **Application** YAMLs under **apps/** (today: **noble-platform**). Cluster
|
||||||
# workloads are defined by **clusters/noble/apps/kustomization.yaml** (Kustomize + **helmCharts**);
|
# workloads: **apps/noble-platform.yaml** (Helm chart sources + Git/Kustomize); **clusters/noble/apps/**
|
||||||
# **apps/noble-platform.yaml** uses a single Git **source** for a full UI resource tree. Per-app **values.yaml**
|
# holds **values.yaml** and plain **kustomization.yaml** (resources only). Per-app READMEs stay the source of truth for versions.
|
||||||
# and READMEs stay the source of truth for chart versions.
|
|
||||||
#
|
#
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
|
|||||||
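Review bot: The new comment ends with "Per-app READMEs stay the source of truth for versions", but the chart versions Argo CD installs are the `targetRevision` values in **apps/noble-platform.yaml**. Point the comment at that file, or state that the READMEs must be kept in step with it, so the two cannot drift unnoticed.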
@@ -17,10 +17,6 @@ global:
|
|||||||
domain: argo.apps.noble.lab.pcenicni.dev
|
domain: argo.apps.noble.lab.pcenicni.dev
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
# Required for **helmCharts** in **clusters/noble/apps/kustomization.yaml** (Kustomize Helm inflation).
|
|
||||||
# After changing this, **helm upgrade** argo-cd; the chart rolls repo-server when **argocd-cm** checksum changes.
|
|
||||||
cm:
|
|
||||||
kustomize.buildOptions: "--enable-helm"
|
|
||||||
params:
|
params:
|
||||||
# TLS terminates at Traefik / cert-manager; Argo CD serves HTTP behind the Ingress.
|
# TLS terminates at Traefik / cert-manager; Argo CD serves HTTP behind the Ingress.
|
||||||
server.insecure: true
|
server.insecure: true
|
||||||
|
|||||||
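Review bot: The deleted comment above `cm:` recorded that changing this setting needs a **helm upgrade** of argo-cd before repo-server picks it up, and the same applies to removing it. Until that upgrade runs, the live **argocd-cm** presumably still carries `kustomize.buildOptions: "--enable-helm"`, so record the upgrade step in the README or commit message and check the ConfigMap afterwards.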