gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update .gitignore to include generated noble-lab-ui-urls.md and enhance README.md with new role documentation. Refactor noble.yml to incorporate noble_landing_urls role for improved URL management. Add ingress configurations for alertmanager, prometheus, longhorn, and vault to support TLS termination via Traefik. Update network policies and values.yaml for vault to allow traffic from Traefik. These changes aim to streamline deployment and enhance service accessibility.

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-03-28 16:32:21 -04:00
parent a48ac16c14
commit 0e8eaa2f0d
15 changed files with 284 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/noble/bootstrap/argocd/README.md
View File

@@ -35,6 +35,17 @@ echo
Change the password in the UI or via `argocd account update-password`.
### TLS: changing ClusterIssuer (e.g. staging → prod)
If **`helm upgrade --wait`** fails with *Secret was previously issued by `letsencrypt-staging`* (or another issuer), cert-manager will not replace the TLS Secret in place. Remove the old cert material once, then upgrade again:
```bash
kubectl -n argocd delete certificate argocd-server --ignore-not-found
kubectl -n argocd delete secret argocd-server-tls --ignore-not-found
helm upgrade --install argocd argo/argo-cd -n argocd --create-namespace \
--version 9.4.17 -f clusters/noble/bootstrap/argocd/values.yaml --wait
```
## 3. Register this repo (if private)
Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` of type `repository`.

7
clusters/noble/bootstrap/argocd/values.yaml
View File

@@ -32,17 +32,20 @@ server:
certificate:
enabled: true
domain: argo.apps.noble.lab.pcenicni.dev
# If you change issuer.name, delete Certificate/Secret once so cert-manager can re-issue (see README.md).
issuer:
group: cert-manager.io
kind: ClusterIssuer
name: letsencrypt-staging
name: letsencrypt-prod
ingress:
enabled: true
ingressClassName: traefik
hostname: argo.apps.noble.lab.pcenicni.dev
tls: true
annotations: {}
# Traefik terminates TLS; Argo serves HTTP/2 cleartext (insecure). Without h2c, UI/API can 404 or fail gRPC.
annotations:
traefik.ingress.kubernetes.io/service.serversscheme: h2c
service:
type: ClusterIP