Enable cert-manager for admission webhook TLS in kube-prometheus-stack values.yaml to prevent Kyverno pre-hook Job failures during Argo sync. Update noble-platform.yaml to adjust Helm chart sources and maintain proper order for Kyverno and kube-prometheus-stack, ensuring correct resource management and deployment flow.
@@ -16,6 +16,14 @@
|
|||||||
#
|
#
|
||||||
# Grafana admin password: Secret `kube-prometheus-grafana` keys `admin-user` / `admin-password` unless you set grafana.adminPassword.
|
# Grafana admin password: Secret `kube-prometheus-grafana` keys `admin-user` / `admin-password` unless you set grafana.adminPassword.
|
||||||
|
|
||||||
|
# Use cert-manager for admission webhook TLS instead of Helm pre-hook Jobs (patch/create Secret).
|
||||||
|
# Those Jobs are validated by Kyverno before `kyverno-svc` exists during a single Argo sync, which fails.
|
||||||
|
# Requires cert-manager CRDs (bootstrap before this chart).
|
||||||
|
prometheusOperator:
|
||||||
|
admissionWebhooks:
|
||||||
|
certManager:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
# --- Longhorn-backed persistence (default chart storage is emptyDir) ---
|
# --- Longhorn-backed persistence (default chart storage is emptyDir) ---
|
||||||
alertmanager:
|
alertmanager:
|
||||||
alertmanagerSpec:
|
alertmanagerSpec:
|
||||||
|
|||||||
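Review bot: The comment block above `prometheusOperator.admissionWebhooks.certManager.enabled: true` does not say which issuer signs the webhook serving certificate. No `issuerRef` is set in the visible lines, so the chart presumably falls back to an issuer it generates itself; if a cluster-managed issuer is intended, set `issuerRef` under `certManager` and name it in the comment. The "Requires cert-manager CRDs" line could also state the runtime dependency, e.g. `# Requires cert-manager CRDs and a running cert-manager/cainjector before this chart syncs.` That the cainjector is needed is inferred from how cert-manager-backed webhooks normally receive their CA bundle, so confirm it against the pinned chart version.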
@@ -1,8 +1,8 @@
|
|||||||
# Multi-source: native Helm (no Kustomize helmCharts → no **--enable-helm**). One Git source uses
|
# Multi-source: native Helm (no Kustomize helmCharts → no **--enable-helm**). One Git source uses
|
||||||
# **ref: values** (for **$values/...**) and **path** (Kustomize) together — see multiple_sources docs.
|
# **ref: values** (for **$values/...**) and **path** (Kustomize) together — see multiple_sources docs.
|
||||||
#
|
#
|
||||||
# UI: some Argo CD versions summarize multi-source apps oddly in the graph; the **Resource list**
|
# Helm order: Kyverno before kube-prometheus so policy webhooks can resolve during sync; see
|
||||||
# still reflects the merged set. **ServerSideApply** avoids huge CRD client-side apply annotations.
|
# **kube-prometheus-stack/values.yaml** (cert-manager admission TLS — avoids Kyverno failing pre-hook Jobs).
|
||||||
#
|
#
|
||||||
# https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/
|
# https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
@@ -15,30 +15,22 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
sources:
|
sources:
|
||||||
- repoURL: https://prometheus-community.github.io/helm-charts
|
- repoURL: https://kyverno.github.io/kyverno/
|
||||||
chart: kube-prometheus-stack
|
chart: kyverno
|
||||||
targetRevision: "82.15.1"
|
targetRevision: "3.7.1"
|
||||||
helm:
|
helm:
|
||||||
releaseName: kube-prometheus
|
releaseName: kyverno
|
||||||
namespace: monitoring
|
namespace: kyverno
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/clusters/noble/apps/kube-prometheus-stack/values.yaml
|
- $values/clusters/noble/apps/kyverno/values.yaml
|
||||||
- repoURL: https://grafana.github.io/helm-charts
|
- repoURL: https://kyverno.github.io/kyverno/
|
||||||
chart: loki
|
chart: kyverno-policies
|
||||||
targetRevision: "6.55.0"
|
targetRevision: "3.7.1"
|
||||||
helm:
|
helm:
|
||||||
releaseName: loki
|
releaseName: kyverno-policies
|
||||||
namespace: loki
|
namespace: kyverno
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/clusters/noble/apps/loki/values.yaml
|
- $values/clusters/noble/apps/kyverno/policies-values.yaml
|
||||||
- repoURL: https://fluent.github.io/helm-charts
|
|
||||||
chart: fluent-bit
|
|
||||||
targetRevision: "0.56.0"
|
|
||||||
helm:
|
|
||||||
releaseName: fluent-bit
|
|
||||||
namespace: logging
|
|
||||||
valueFiles:
|
|
||||||
- $values/clusters/noble/apps/fluent-bit/values.yaml
|
|
||||||
- repoURL: https://bitnami-labs.github.io/sealed-secrets
|
- repoURL: https://bitnami-labs.github.io/sealed-secrets
|
||||||
chart: sealed-secrets
|
chart: sealed-secrets
|
||||||
targetRevision: "2.18.4"
|
targetRevision: "2.18.4"
|
||||||
@@ -63,22 +55,30 @@ spec:
|
|||||||
namespace: vault
|
namespace: vault
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/clusters/noble/apps/vault/values.yaml
|
- $values/clusters/noble/apps/vault/values.yaml
|
||||||
- repoURL: https://kyverno.github.io/kyverno/
|
- repoURL: https://prometheus-community.github.io/helm-charts
|
||||||
chart: kyverno
|
chart: kube-prometheus-stack
|
||||||
targetRevision: "3.7.1"
|
targetRevision: "82.15.1"
|
||||||
helm:
|
helm:
|
||||||
releaseName: kyverno
|
releaseName: kube-prometheus
|
||||||
namespace: kyverno
|
namespace: monitoring
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/clusters/noble/apps/kyverno/values.yaml
|
- $values/clusters/noble/apps/kube-prometheus-stack/values.yaml
|
||||||
- repoURL: https://kyverno.github.io/kyverno/
|
- repoURL: https://grafana.github.io/helm-charts
|
||||||
chart: kyverno-policies
|
chart: loki
|
||||||
targetRevision: "3.7.1"
|
targetRevision: "6.55.0"
|
||||||
helm:
|
helm:
|
||||||
releaseName: kyverno-policies
|
releaseName: loki
|
||||||
namespace: kyverno
|
namespace: loki
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/clusters/noble/apps/kyverno/policies-values.yaml
|
- $values/clusters/noble/apps/loki/values.yaml
|
||||||
|
- repoURL: https://fluent.github.io/helm-charts
|
||||||
|
chart: fluent-bit
|
||||||
|
targetRevision: "0.56.0"
|
||||||
|
helm:
|
||||||
|
releaseName: fluent-bit
|
||||||
|
namespace: logging
|
||||||
|
valueFiles:
|
||||||
|
- $values/clusters/noble/apps/fluent-bit/values.yaml
|
||||||
- repoURL: https://kubernetes-sigs.github.io/headlamp/
|
- repoURL: https://kubernetes-sigs.github.io/headlamp/
|
||||||
chart: headlamp
|
chart: headlamp
|
||||||
targetRevision: "0.40.1"
|
targetRevision: "0.40.1"
|
||||||
|
|||||||
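Review bot: The new header comment ("Helm order: Kyverno before kube-prometheus …") and the reordering of `sources` assume that list position controls apply order. As far as I know, Argo CD renders all sources of a multi-source Application into one manifest set and orders the sync by phase, sync wave, kind and name, not by source index. If Kyverno really must be serving before the monitoring stack is applied, that needs sync-wave annotations or a separate Application; otherwise reword the comment, e.g. `# Source order is for readability only; apply order comes from sync waves/hooks.` Resources applied in the same sync before the Kyverno admission webhook is ready are either rejected or admitted unvalidated, depending on the webhook failure policy, so the file should say which outcome is intended. The first hunk also drops the note explaining why **ServerSideApply** is used; if that sync option is still set further down (not visible here), keep the rationale next to it.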