From 092a6febe4c834c8f3b678c31fc519602bd0cdbc Mon Sep 17 00:00:00 2001
From: Nikholas Pcenicni <82239765+nikpcenicni@users.noreply.github.com>
Date: Fri, 27 Mar 2026 23:47:40 -0400
Subject: [PATCH] Update Argo CD values.yaml to configure Ingress with Traefik,
 enable TLS with cert-manager, and set server to insecure mode. Adjust domain
 settings and service type to ClusterIP for improved deployment configuration.

---
 clusters/noble/bootstrap/argocd/values.yaml | 28 ++++++++++++++++-----
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/clusters/noble/bootstrap/argocd/values.yaml b/clusters/noble/bootstrap/argocd/values.yaml
index 200e2fd..f76e5dd 100644
--- a/clusters/noble/bootstrap/argocd/values.yaml
+++ b/clusters/noble/bootstrap/argocd/values.yaml
@@ -1,7 +1,9 @@
 # Argo CD — noble lab (GitOps)
 #
 # Chart: argo/argo-cd — pin version on the helm command (e.g. 9.4.17).
-# MetalLB: Argo CD UI/API uses pool IP **192.168.50.210** (Traefik stays **192.168.50.211**).
+# UI/API: **Ingress** via **Traefik** at **argo.apps.noble.lab.pcenicni.dev** (TLS: cert-manager
+# ClusterIssuer + **`server.insecure`** so TLS terminates at Traefik).
+# DNS: **`argo.apps.noble.lab.pcenicni.dev`** → Traefik LB **192.168.50.211** (same wildcard as apps).
 #
 # helm repo add argo https://argoproj.github.io/argo-helm
 # helm upgrade --install argocd argo/argo-cd -n argocd --create-namespace \
@@ -12,14 +14,28 @@
 # Optional: kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
 
 global:
-  domain: ""
+  domain: argo.apps.noble.lab.pcenicni.dev
 
 configs:
   params:
-    server.insecure: false
+    # TLS terminates at Traefik / cert-manager; Argo CD serves HTTP behind the Ingress.
+    server.insecure: true
 
 server:
+  certificate:
+    enabled: true
+    domain: argo.apps.noble.lab.pcenicni.dev
+    issuer:
+      group: cert-manager.io
+      kind: ClusterIssuer
+      name: letsencrypt-staging
+
+  ingress:
+    enabled: true
+    ingressClassName: traefik
+    hostname: argo.apps.noble.lab.pcenicni.dev
+    tls: true
+    annotations: {}
+
   service:
-    type: LoadBalancer
-    annotations:
-      metallb.io/loadBalancerIPs: 192.168.50.210
+    type: ClusterIP