Enable pre-upgrade job for Longhorn in values.yaml, update MetalLB README for clarity on LoadBalancer IP assignment, and enhance Talos configuration with node IP validation for VIPs. Update cluster build documentation to reflect new application versions and configurations.

2026-03-27 23:45:00 -04:00
parent d2c53fc553
commit 2a64f40f93
21 changed files with 452 additions and 27 deletions
--- a/clusters/noble/bootstrap/argocd/README.md
+++ b/clusters/noble/bootstrap/argocd/README.md
@@ -0,0 +1,52 @@
+# Argo CD — noble (bootstrap)
+
+**Prerequisites:** cluster **Ready**, **MetalLB** pool **`192.168.50.210`–`229`** (Argo CD uses **`192.168.50.210`**; Traefik **`192.168.50.211`**).
+
+## 1. Install
+
+```bash
+helm repo add argo https://argoproj.github.io/argo-helm
+helm repo update
+helm upgrade --install argocd argo/argo-cd \
+  --namespace argocd \
+  --create-namespace \
+  --version 9.4.17 \
+  -f clusters/noble/bootstrap/argocd/values.yaml \
+  --wait
+```
+
+## 2. UI / CLI address
+
+```bash
+kubectl get svc -n argocd argocd-server
+```
+
+**LoadBalancer** should show **`192.168.50.210`**. Log in as **`admin`**; initial password:
+
+```bash
+kubectl -n argocd get secret argocd-initial-admin-secret \
+  -o jsonpath='{.data.password}' | base64 -d
+echo
+```
+
+Change the password in the UI or via `argocd account update-password`.
+
+## 3. Register this repo (if private)
+
+Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` of type `repository`.
+
+## 4. App-of-apps (optional)
+
+1. Edit **`root-application.yaml`**: set **`repoURL`** and **`targetRevision`** to this repository.
+2. Commit **`Application`** manifests under **`apps/`** (see **`apps/README.md`**).
+3. Apply the root:
+
+   ```bash
+   kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
+   ```
+
+Until **`apps/`** contains valid **`Application`** resources, the root app may show **OutOfSync** or sync nothing — that is expected.
+
+## Versions
+
+Pinned in **`values.yaml`** comments (chart **9.4.17** / Argo CD **v3.3.6** at time of writing). Bump **`--version`** when upgrading.
--- a/clusters/noble/bootstrap/argocd/apps/README.md
+++ b/clusters/noble/bootstrap/argocd/apps/README.md
@@ -0,0 +1,10 @@
+# Argo CD — app-of-apps children
+
+Add **`Application`** manifests here (one file per workload or group). The **`noble-root`** Application in the parent directory syncs this folder.
+
+Example patterns:
+
+- **Helm:** `spec.source` with `chart`, `repoURL` (Helm repo), and `helm.valueFiles` pointing at paths in the same git repo.
+- **Kustomize / plain manifests:** `spec.source.path` to a directory of YAML.
+
+The historical **`clusters/noble/apps/*`** tree is written for **manual `helm upgrade`**; migrating each app to an Argo CD `Application` is optional follow-up work.
--- a/clusters/noble/bootstrap/argocd/root-application.yaml
+++ b/clusters/noble/bootstrap/argocd/root-application.yaml
@@ -0,0 +1,30 @@
+# App-of-apps root — apply after Argo CD is running.
+#
+# 1. Set spec.source.repoURL (and targetRevision) to this git repository.
+# 2. kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
+#
+# Syncs **Application** YAMLs under **apps/** (add workloads there). Do **not**
+# point at **clusters/noble/apps/** — that tree is Helm values for manual installs.
+#
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: noble-root
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+    targetRevision: main
+    path: clusters/noble/bootstrap/argocd/apps
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
--- a/clusters/noble/bootstrap/argocd/values.yaml
+++ b/clusters/noble/bootstrap/argocd/values.yaml
@@ -0,0 +1,25 @@
+# Argo CD — noble lab (GitOps)
+#
+# Chart: argo/argo-cd — pin version on the helm command (e.g. 9.4.17).
+# MetalLB: Argo CD UI/API uses pool IP **192.168.50.210** (Traefik stays **192.168.50.211**).
+#
+# helm repo add argo https://argoproj.github.io/argo-helm
+# helm upgrade --install argocd argo/argo-cd -n argocd --create-namespace \
+#   --version 9.4.17 -f clusters/noble/bootstrap/argocd/values.yaml --wait
+#
+# Initial admin password: kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d
+#
+# Optional: kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
+
+global:
+  domain: ""
+
+configs:
+  params:
+    server.insecure: false
+
+server:
+  service:
+    type: LoadBalancer
+    annotations:
+      metallb.io/loadBalancerIPs: 192.168.50.210