diff --git a/clusters/noble/apps/kustomization.yaml b/clusters/noble/apps/kustomization.yaml
index c3187dc..ab3d642 100644
--- a/clusters/noble/apps/kustomization.yaml
+++ b/clusters/noble/apps/kustomization.yaml
@@ -1,5 +1,6 @@
-# Plain Kustomize (namespaces + extra YAML only). Helm charts are **Application** sources in
-# **bootstrap/argocd/apps/noble-platform.yaml** so Argo CD does not need **kustomize --enable-helm**.
+# Single Argo CD **source** (**noble-platform** → **path: clusters/noble/apps**) so the UI shows the
+# full resource tree. Helm charts are inlined via **helmCharts**; requires **argocd-cm**
+# **kustomize.buildOptions: --enable-helm** (see **bootstrap/argocd/values.yaml**).
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
@@ -15,3 +16,60 @@ resources:
 - grafana-loki-datasource/loki-datasource.yaml
 - vault/unseal-cronjob.yaml
 - vault/cilium-network-policy.yaml
+
+helmCharts:
+ - name: kube-prometheus-stack
+ repo: https://prometheus-community.github.io/helm-charts
+ version: 82.15.1
+ releaseName: kube-prometheus
+ namespace: monitoring
+ valuesFile: kube-prometheus-stack/values.yaml
+ includeCRDs: true
+ - name: loki
+ repo: https://grafana.github.io/helm-charts
+ version: 6.55.0
+ releaseName: loki
+ namespace: loki
+ valuesFile: loki/values.yaml
+ - name: fluent-bit
+ repo: https://fluent.github.io/helm-charts
+ version: 0.56.0
+ releaseName: fluent-bit
+ namespace: logging
+ valuesFile: fluent-bit/values.yaml
+ - name: sealed-secrets
+ repo: https://bitnami-labs.github.io/sealed-secrets
+ version: 2.18.4
+ releaseName: sealed-secrets
+ namespace: sealed-secrets
+ valuesFile: sealed-secrets/values.yaml
+ - name: external-secrets
+ repo: https://charts.external-secrets.io
+ version: 2.2.0
+ releaseName: external-secrets
+ namespace: external-secrets
+ valuesFile: external-secrets/values.yaml
+ - name: vault
+ repo: https://helm.releases.hashicorp.com
+ version: 0.32.0
+ releaseName: vault
+ namespace: vault
+ valuesFile: vault/values.yaml
+ - name: kyverno
+ repo: https://kyverno.github.io/kyverno/
+ version: 3.7.1
+ releaseName: kyverno
+ namespace: kyverno
+ valuesFile: kyverno/values.yaml
+ - name: kyverno-policies
+ repo: https://kyverno.github.io/kyverno/
+ version: 3.7.1
+ releaseName: kyverno-policies
+ namespace: kyverno
+ valuesFile: kyverno/policies-values.yaml
+ - name: headlamp
+ repo: https://kubernetes-sigs.github.io/headlamp/
+ version: 0.40.1
+ releaseName: headlamp
+ namespace: headlamp
+ valuesFile: headlamp/values.yaml
diff --git a/clusters/noble/bootstrap/argocd/README.md b/clusters/noble/bootstrap/argocd/README.md
index 37c7c26..2b3c256 100644
--- a/clusters/noble/bootstrap/argocd/README.md
+++ b/clusters/noble/bootstrap/argocd/README.md
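Review bot: Only the kube-prometheus-stack entry sets `includeCRDs: true`, and Kustomize's `helmCharts` omits a chart's `crds/` directory unless that field is set, whereas the Argo CD Helm sources this list replaces render CRDs by default. Any of the other eight charts that ships CRDs under `crds/` rather than as templates would stop rendering them after this change, and with pruning enabled that could delete the CRD together with every SealedSecret, ExternalSecret or Kyverno policy object of that kind. The diff does not show which charts are affected, so compare the output of `kustomize build --enable-helm clusters/noble/apps` with the CRDs currently in the cluster before the first sync. Where a chart needs it, add `includeCRDs: true` to its entry.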
@@ -49,7 +49,7 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o
 kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
 ```
-**`apps/noble-platform.yaml`** lists Helm charts and a Git **`path`** for **`clusters/noble/apps`** (see **`kustomization.yaml`** there).
+**`apps/noble-platform.yaml`** uses one Git **`path`** (**`clusters/noble/apps`**) so the UI shows the full workload tree; **`kustomization.yaml`** there uses **helmCharts** plus **`values.yaml`** from each app.
 ## Versions
diff --git a/clusters/noble/bootstrap/argocd/apps/README.md b/clusters/noble/bootstrap/argocd/apps/README.md
index 8d66922..6ed1986 100644
--- a/clusters/noble/bootstrap/argocd/apps/README.md
+++ b/clusters/noble/bootstrap/argocd/apps/README.md
@@ -2,4 +2,4 @@
 **`noble-root`** syncs this directory. Keep **one** child Application (**`noble-platform`**) so the UI does not list every Helm release separately.
-- **`noble-platform.yaml`** — one **Application** with **multiple sources**: Helm charts from upstream repos plus a Git **`ref: values`** entry that supplies **`$values/.../values.yaml`** and **`path: clusters/noble/apps`** for plain **Kustomize** (namespaces + extra YAML only). No **`kustomize --enable-helm`** required.
+- **`noble-platform.yaml`** — a **single** **`source`** pointing at **`clusters/noble/apps`** (**`kustomization.yaml`**). Helm charts are **not** separate `sources` entries: multi-source apps are poorly represented in the UI (often only one source’s manifests appear in the tree). **`kustomize.buildOptions: --enable-helm`** is set in **`argocd-cm`** via **`values.yaml`** so Kustomize can expand **helmCharts**.
diff --git a/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml b/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml
index d03d2a8..545ec23 100644
--- a/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml
+++ b/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml
@@ -1,8 +1,9 @@
-# Noble cluster workloads — one Application row: Helm charts (native sources) + Git/Kustomize
-# for plain YAML. Values come from this repo via **$values** (last source). Release names match
-# the per-app README **helm upgrade --install** commands.
+# Noble cluster workloads — **single** `source` so Argo CD’s resource tree lists all rendered
+# objects (Helm + Kustomize). **spec.sources** (multi-source) is limited in the UI and often
+# shows only one source’s manifests (e.g. plain Kustomize without chart workloads).
 #
-# https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/
+# Renders **clusters/noble/apps** via **kustomization.yaml** (helmCharts + resources).
+# Requires **kustomize.buildOptions: --enable-helm** in **argocd-cm** (see **values.yaml**).
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -12,83 +13,10 @@ metadata:
 - resources-finalizer.argocd.argoproj.io/background
 spec:
 project: default
- sources:
- - repoURL: https://prometheus-community.github.io/helm-charts
- chart: kube-prometheus-stack
- targetRevision: "82.15.1"
- helm:
- releaseName: kube-prometheus
- namespace: monitoring
- valueFiles:
- - $values/clusters/noble/apps/kube-prometheus-stack/values.yaml
- - repoURL: https://grafana.github.io/helm-charts
- chart: loki
- targetRevision: "6.55.0"
- helm:
- releaseName: loki
- namespace: loki
- valueFiles:
- - $values/clusters/noble/apps/loki/values.yaml
- - repoURL: https://fluent.github.io/helm-charts
- chart: fluent-bit
- targetRevision: "0.56.0"
- helm:
- releaseName: fluent-bit
- namespace: logging
- valueFiles:
- - $values/clusters/noble/apps/fluent-bit/values.yaml
- - repoURL: https://bitnami-labs.github.io/sealed-secrets
- chart: sealed-secrets
- targetRevision: "2.18.4"
- helm:
- releaseName: sealed-secrets
- namespace: sealed-secrets
- valueFiles:
- - $values/clusters/noble/apps/sealed-secrets/values.yaml
- - repoURL: https://charts.external-secrets.io
- chart: external-secrets
- targetRevision: "2.2.0"
- helm:
- releaseName: external-secrets
- namespace: external-secrets
- valueFiles:
- - $values/clusters/noble/apps/external-secrets/values.yaml
- - repoURL: https://helm.releases.hashicorp.com
- chart: vault
- targetRevision: "0.32.0"
- helm:
- releaseName: vault
- namespace: vault
- valueFiles:
- - $values/clusters/noble/apps/vault/values.yaml
- - repoURL: https://kyverno.github.io/kyverno/
- chart: kyverno
- targetRevision: "3.7.1"
- helm:
- releaseName: kyverno
- namespace: kyverno
- valueFiles:
- - $values/clusters/noble/apps/kyverno/values.yaml
- - repoURL: https://kyverno.github.io/kyverno/
- chart: kyverno-policies
- targetRevision: "3.7.1"
- helm:
- releaseName: kyverno-policies
- namespace: kyverno
- valueFiles:
- - $values/clusters/noble/apps/kyverno/policies-values.yaml
- - repoURL: https://kubernetes-sigs.github.io/headlamp/
- chart: headlamp
- targetRevision: "0.40.1"
- helm:
- releaseName: headlamp
- namespace: headlamp
- valueFiles:
- - $values/clusters/noble/apps/headlamp/values.yaml
- - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
- targetRevision: main
- ref: values
- path: clusters/noble/apps
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: main
+ path: clusters/noble/apps
 destination:
 server: https://kubernetes.default.svc
 namespace: default
diff --git a/clusters/noble/bootstrap/argocd/root-application.yaml b/clusters/noble/bootstrap/argocd/root-application.yaml
index 8e2c466..0b4ed25 100644
--- a/clusters/noble/bootstrap/argocd/root-application.yaml
+++ b/clusters/noble/bootstrap/argocd/root-application.yaml
@@ -4,8 +4,9 @@
 # 2. kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
 #
 # Syncs **Application** YAMLs under **apps/** (today: **noble-platform**). Cluster
-# workloads are defined by **clusters/noble/apps/kustomization.yaml** (plain Kustomize)
-# and **apps/noble-platform.yaml** (Helm chart sources); per-app **values.yaml** and READMEs stay the source of truth for versions.
+# workloads are defined by **clusters/noble/apps/kustomization.yaml** (Kustomize + **helmCharts**);
+# **apps/noble-platform.yaml** uses a single Git **source** for a full UI resource tree. Per-app **values.yaml**
+# and READMEs stay the source of truth for chart versions.
 #
 apiVersion: argoproj.io/v1alpha1
 kind: Application
diff --git a/clusters/noble/bootstrap/argocd/values.yaml b/clusters/noble/bootstrap/argocd/values.yaml
index b606dab..e32499c 100644
--- a/clusters/noble/bootstrap/argocd/values.yaml
+++ b/clusters/noble/bootstrap/argocd/values.yaml
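Review bot: The new single `source` in noble-platform.yaml follows the mutable branch `targetRevision: main` under `project: default`, so everything this Application deploys, including which chart repositories and versions get rendered, is now decided by `clusters/noble/apps/kustomization.yaml` at the tip of that branch. Argo CD's `default` project, unless it has been tightened elsewhere, permits any source repo, any destination and cluster-scoped resources, which is a wide grant for an Application that installs Vault, Kyverno and the secrets operators. Consider a dedicated AppProject with explicit `sourceRepos` and `destinations` lists, referenced as `project: noble-platform` (name constructed for illustration), and require review on pushes to `main`. The Application spec continues past the end of the hunk, so any `syncPolicy` is not visible here.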
@@ -17,6 +17,10 @@ global: domain: argo.apps.noble.lab.pcenicni.dev configs: + # Required for **helmCharts** in **clusters/noble/apps/kustomization.yaml** (Kustomize Helm inflation). + # After changing this, **helm upgrade** argo-cd; the chart rolls repo-server when **argocd-cm** checksum changes. + cm: + kustomize.buildOptions: "--enable-helm" params: # TLS terminates at Traefik / cert-manager; Argo CD serves HTTP behind the Ingress. server.insecure: true
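Review bot: `kustomize.buildOptions: "--enable-helm"` under `configs.cm` applies to the whole Argo CD instance, not only to noble-platform, and the added comment does not say so. Every Application with a Kustomize source can now make the repo-server run Helm and download charts from whatever `repo:` URL its `kustomization.yaml` names, and as far as I know those chart URLs are not checked against an AppProject's `sourceRepos`. I would extend the comment with a line such as `# Instance-wide: every Kustomize Application rendered by this repo-server gets Helm inflation, not only noble-platform.` Limiting repo-server egress to the chart hosts listed in `clusters/noble/apps/kustomization.yaml` would contain the exposure. The `configs` block continues outside the hunk.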