Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.
7
clusters/noble/apps/README.md
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
# Argo CD — optional applications (non-bootstrap)
|
||||||
|
|
||||||
|
**Base cluster configuration** (CNI, MetalLB, ingress, cert-manager, storage, observability stack, policy, Vault, etc.) is installed by **`ansible/playbooks/noble.yml`** from **`clusters/noble/bootstrap/`** — not from here.
|
||||||
|
|
||||||
|
**`noble-root`** (`clusters/noble/bootstrap/argocd/root-application.yaml`) points at **`clusters/noble/apps`**. Add **`Application`** manifests (and optional **`AppProject`** definitions) under this directory only for workloads that are additive and do not subsume the Ansible-managed platform.
|
||||||
|
|
||||||
|
For an app-of-apps pattern, use a second-level **`Application`** that syncs a subdirectory (for example **`optional/`**) containing leaf **`Application`** resources.
|
||||||
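Review bot: the noble-root paragraph of this README states the boundary ("only for workloads that are additive and do not subsume the Ansible-managed platform") purely as a convention and treats AppProject definitions as optional, so nothing visible here stops an Application added under this directory from targeting a namespace the playbook owns. Consider documenting which AppProject leaf Applications must use, and restricting that project's destinations and cluster-scoped resource kinds so the Ansible-managed namespaces (Vault, Kyverno, cert-manager and the rest of the list in the first paragraph) are out of reach.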
@@ -1,17 +1,6 @@
|
|||||||
# Plain Kustomize only (namespaces + extra YAML). Helm installs are driven by **ansible/playbooks/noble.yml**
|
# Argo CD **noble-root** syncs this directory. Add **Application** / **AppProject** manifests only for
|
||||||
# (role **noble_platform**) — avoids **kustomize --enable-helm** in-repo.
|
# optional workloads that do not replace Ansible bootstrap (CNI, ingress, storage, core observability, etc.).
|
||||||
|
# Helm value files for those apps can live in subdirectories here (for example **./homepage/values.yaml**).
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
resources: []
|
||||||
resources:
|
|
||||||
- kube-prometheus-stack/namespace.yaml
|
|
||||||
- loki/namespace.yaml
|
|
||||||
- fluent-bit/namespace.yaml
|
|
||||||
- sealed-secrets/namespace.yaml
|
|
||||||
- external-secrets/namespace.yaml
|
|
||||||
- vault/namespace.yaml
|
|
||||||
- kyverno/namespace.yaml
|
|
||||||
- headlamp/namespace.yaml
|
|
||||||
- grafana-loki-datasource/loki-datasource.yaml
|
|
||||||
- vault/unseal-cronjob.yaml
|
|
||||||
- vault/cilium-network-policy.yaml
|
|
||||||
|
|||||||
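Review bot: the new header comment says to add Application / AppProject manifests to this directory, but with `resources: []` a manifest that is only dropped into the directory is never rendered, because Argo CD builds a directory that contains a kustomization.yaml with Kustomize, and Kustomize emits only what `resources:` lists. Say in the comment that each new manifest must also be listed under `resources:`. The line inviting Helm value files such as ./homepage/values.yaml should also state that those files must not hold credentials, since they are committed to Git in plain text.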
@@ -1,17 +0,0 @@
|
|||||||
# Argo CD — app-of-apps children (optional GitOps only)
|
|
||||||
|
|
||||||
**Core platform is Ansible-managed** — see repository **`ansible/README.md`** and **`ansible/playbooks/noble.yml`**.
|
|
||||||
|
|
||||||
This directory’s **`kustomization.yaml`** has **`resources: []`** so **`noble-root`** (if applied) does not reconcile Helm charts or cluster add-ons. **Add `Application` manifests here only** for apps you want Argo to manage (for example, sample workloads or third-party charts not covered by the bootstrap playbook).
|
|
||||||
|
|
||||||
| Previous (removed) | Now |
|
|
||||||
|--------------------|-----|
|
|
||||||
| **`noble-kyverno`**, **`noble-kyverno-policies`**, **`noble-platform`** | Installed by Ansible roles **`noble_kyverno`**, **`noble_kyverno_policies`**, **`noble_platform`** |
|
|
||||||
|
|
||||||
If you previously synced **`noble-root`** with the old child manifests, delete stale Applications on the cluster:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
kubectl delete application -n argocd noble-platform noble-kyverno noble-kyverno-policies --ignore-not-found
|
|
||||||
```
|
|
||||||
|
|
||||||
Then re-apply **`root-application.yaml`** so Argo matches this repo.
|
|
||||||
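Review bot: deleting this README drops the only visible cleanup step for clusters that already synced noble-root with the old children (the `kubectl delete application` line for noble-platform, noble-kyverno and noble-kyverno-policies), and the new clusters/noble/apps/README.md added in this commit does not carry it over. Keep a short migration note there, and state whether that delete cascades to the resources those Applications manage, since a cascading delete of noble-kyverno-policies would leave the cluster without its Kyverno policies until the playbook is run again.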
@@ -1,6 +0,0 @@
|
|||||||
# Intentionally empty: core platform (CNI, ingress, storage, observability, policy, etc.) is
|
|
||||||
# installed by **ansible/playbooks/noble.yml** — not by Argo CD. Add optional Application
|
|
||||||
# manifests here only for workloads you want GitOps-managed.
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources: []
|
|
||||||
17
clusters/noble/bootstrap/kustomization.yaml
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
# Plain Kustomize only (namespaces + extra YAML). Helm installs are driven by **ansible/playbooks/noble.yml**
|
||||||
|
# (role **noble_platform**) — avoids **kustomize --enable-helm** in-repo.
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- kube-prometheus-stack/namespace.yaml
|
||||||
|
- loki/namespace.yaml
|
||||||
|
- fluent-bit/namespace.yaml
|
||||||
|
- sealed-secrets/namespace.yaml
|
||||||
|
- external-secrets/namespace.yaml
|
||||||
|
- vault/namespace.yaml
|
||||||
|
- kyverno/namespace.yaml
|
||||||
|
- headlamp/namespace.yaml
|
||||||
|
- grafana-loki-datasource/loki-datasource.yaml
|
||||||
|
- vault/unseal-cronjob.yaml
|
||||||
|
- vault/cilium-network-policy.yaml
|
||||||
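Review bot: the header comment describes this file as "namespaces + extra YAML", but the last two entries, vault/unseal-cronjob.yaml and vault/cilium-network-policy.yaml, are a security-relevant workload and a policy object, and nothing here says what they depend on. Add a comment stating where the unseal CronJob gets its key material (it should not live in this repository) and, if the policy file is a Cilium custom resource as its name suggests, that the Cilium CRDs must be installed before this kustomization is applied, so the ordering relative to the playbook's CNI step is explicit.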