gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable cert-manager for admission webhook TLS in kube-prometheus-stack values.yaml to prevent Kyverno pre-hook Job failures during Argo sync. Update noble-platform.yaml to adjust Helm chart sources and maintain proper order for Kyverno and kube-prometheus-stack, ensuring correct resource management and deployment flow.

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-03-28 02:25:59 -04:00
parent 1a3c8378d4
commit 90cd34c34f
2 changed files with 42 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
clusters/noble/bootstrap/argocd/apps/noble-platform.yaml
View File

@@ -1,8 +1,8 @@
# Multi-source: native Helm (no Kustomize helmCharts → no **--enable-helm**). One Git source uses
# **ref: values** (for **$values/...**) and **path** (Kustomize) together — see multiple_sources docs.
#
# UI: some Argo CD versions summarize multi-source apps oddly in the graph; the **Resource list**
# still reflects the merged set. **ServerSideApply** avoids huge CRD client-side apply annotations.
# Helm order: Kyverno before kube-prometheus so policy webhooks can resolve during sync; see
# **kube-prometheus-stack/values.yaml** (cert-manager admission TLS — avoids Kyverno failing pre-hook Jobs).
#
# https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/
apiVersion: argoproj.io/v1alpha1
@@ -15,30 +15,22 @@ metadata:
spec:
project: default
sources:
- repoURL: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetRevision: "82.15.1"
- repoURL: https://kyverno.github.io/kyverno/
chart: kyverno
targetRevision: "3.7.1"
helm:
releaseName: kube-prometheus
namespace: monitoring
releaseName: kyverno
namespace: kyverno
valueFiles:
- $values/clusters/noble/apps/kube-prometheus-stack/values.yaml
- repoURL: https://grafana.github.io/helm-charts
chart: loki
targetRevision: "6.55.0"
- $values/clusters/noble/apps/kyverno/values.yaml
- repoURL: https://kyverno.github.io/kyverno/
chart: kyverno-policies
targetRevision: "3.7.1"
helm:
releaseName: loki
namespace: loki
releaseName: kyverno-policies
namespace: kyverno
valueFiles:
- $values/clusters/noble/apps/loki/values.yaml
- repoURL: https://fluent.github.io/helm-charts
chart: fluent-bit
targetRevision: "0.56.0"
helm:
releaseName: fluent-bit
namespace: logging
valueFiles:
- $values/clusters/noble/apps/fluent-bit/values.yaml
- $values/clusters/noble/apps/kyverno/policies-values.yaml
- repoURL: https://bitnami-labs.github.io/sealed-secrets
chart: sealed-secrets
targetRevision: "2.18.4"
@@ -63,22 +55,30 @@ spec:
namespace: vault
valueFiles:
- $values/clusters/noble/apps/vault/values.yaml
- repoURL: https://kyverno.github.io/kyverno/
chart: kyverno
targetRevision: "3.7.1"
- repoURL: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetRevision: "82.15.1"
helm:
releaseName: kyverno
namespace: kyverno
releaseName: kube-prometheus
namespace: monitoring
valueFiles:
- $values/clusters/noble/apps/kyverno/values.yaml
- repoURL: https://kyverno.github.io/kyverno/
chart: kyverno-policies
targetRevision: "3.7.1"
- $values/clusters/noble/apps/kube-prometheus-stack/values.yaml
- repoURL: https://grafana.github.io/helm-charts
chart: loki
targetRevision: "6.55.0"
helm:
releaseName: kyverno-policies
namespace: kyverno
releaseName: loki
namespace: loki
valueFiles:
- $values/clusters/noble/apps/kyverno/policies-values.yaml
- $values/clusters/noble/apps/loki/values.yaml
- repoURL: https://fluent.github.io/helm-charts
chart: fluent-bit
targetRevision: "0.56.0"
helm:
releaseName: fluent-bit
namespace: logging
valueFiles:
- $values/clusters/noble/apps/fluent-bit/values.yaml
- repoURL: https://kubernetes-sigs.github.io/headlamp/
chart: headlamp
targetRevision: "0.40.1"