diff --git a/clusters/noble/bootstrap/argocd/README.md b/clusters/noble/bootstrap/argocd/README.md
index 0190815..2c44ea0 100644
--- a/clusters/noble/bootstrap/argocd/README.md
+++ b/clusters/noble/bootstrap/argocd/README.md
@@ -57,6 +57,8 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o
 1. Edit **`root-application.yaml`** and **`bootstrap-root-application.yaml`**: set **`repoURL`** and **`targetRevision`**. The **`resources-finalizer.argocd.argoproj.io/background`** finalizer uses Argo’s path-qualified form so **`kubectl apply`** does not warn about finalizer names.
 2. Optional add-on apps: add **`Application`** manifests under **`clusters/noble/apps/`** (see **`clusters/noble/apps/README.md`**).
 3. **Bootstrap kustomize** (namespaces, datasource, leaf **`Application`**s under **`argocd/app-of-apps/`**, etc.): **`noble-bootstrap-root`** syncs **`clusters/noble/bootstrap`**. It is created with **manual** sync only so Argo does not apply changes while **`noble.yml`** is still running.
+ Current leaf apps include: **cilium**, **metrics-server**, **longhorn**, **metallb**, **traefik**, **cert-manager**, **kube-vip**, **csi-snapshot-crds**, **csi-snapshot-controller**, **kyverno**, **kyverno-policies**, **kube-prometheus**, **loki**, **fluent-bit**, **headlamp**.
+ Optional components with extra runtime credentials (for example **newt** and **velero**) are still Ansible-driven by default.
 **`ansible/playbooks/noble.yml`** (role **`noble_argocd`**) applies both roots when **`noble_argocd_apply_root_application`** / **`noble_argocd_apply_bootstrap_root_application`** are true in **`ansible/group_vars/all.yml`**.
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml
new file mode 100644
index 0000000..36cb805
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml
@@ -0,0 +1,33 @@
+# Bootstrap app-of-apps leaf: cert-manager (namespace + issuers + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-cert-manager
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/cert-manager
+ - repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: v1.20.0
+ helm:
+ releaseName: cert-manager
+ valueFiles:
+ - $values/clusters/noble/bootstrap/cert-manager/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml
new file mode 100644
index 0000000..1f31509
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: Cilium CNI.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-cilium
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://helm.cilium.io/
+ chart: cilium
+ targetRevision: 1.16.6
+ helm:
+ releaseName: cilium
+ valueFiles:
+ - $values/clusters/noble/bootstrap/cilium/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
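Review bot: Every leaf Application in this commit binds to `project: default` while syncing `targetRevision: HEAD` of home-server.git with `automated` prune and selfHeal, so a push to that repo's default branch is applied unattended with whatever reach Argo CD's default AppProject allows — it carries no `sourceRepos`, `destinations` or `clusterResourceWhitelist` limits, which in practice means the controller's own (usually cluster-admin) service account. Consider a dedicated AppProject that lists the two Gitea URLs and the chart repositories as `sourceRepos` plus the destination namespaces used here, and point the leaves at it, e.g. `project: noble-bootstrap`. The cilium, csi-snapshot-crds, csi-snapshot-controller, kube-vip, kyverno, kyverno-policies, longhorn, metallb, metrics-server and traefik leaves in this commit have the same shape; since `HEAD` follows the remote default branch, branch protection and commit signing on the Gitea side are then part of the cluster's trust boundary.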
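Review bot: The cilium leaf points `prune: true` / `selfHeal: true` at kube-system, so its first automated sync will rewrite or prune any Cilium objects that were installed out-of-band — the removed kustomization comment in this commit mentions migrating Helm apps off Ansible's `helm upgrade`, which suggests such an install exists. If the Ansible-side release differs from `releaseName: cilium`, `targetRevision: 1.16.6` or the referenced values.yaml, that rewrite lands on the live CNI; verifying the match, or syncing this leaf manually once before automation takes over, avoids an outage with no rollback path through Argo. Minor: `CreateNamespace=true` is a no-op for kube-system and can be dropped here and in the metrics-server leaf.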
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml
new file mode 100644
index 0000000..0c97165
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml
@@ -0,0 +1,21 @@
+# Bootstrap app-of-apps leaf: external-snapshotter controller manifests.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-csi-snapshot-controller
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/csi-snapshot-controller/controller
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml
new file mode 100644
index 0000000..50efbac
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml
@@ -0,0 +1,21 @@
+# Bootstrap app-of-apps leaf: external-snapshotter CRDs.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-csi-snapshot-crds
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/csi-snapshot-controller/crd
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
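Review bot: In the csi-snapshot-crds leaf the `resources-finalizer.argocd.argoproj.io/background` finalizer combines with `prune: true`, so deleting this Application — or having the root app prune it — deletes the VolumeSnapshot CRDs and with them every VolumeSnapshot and VolumeSnapshotContent object in the cluster. For a CRD-only app it is safer to omit the finalizer so deletion orphans the CRDs, or to add `- Prune=false` under `syncOptions`. The csi-snapshot-controller leaf on this line is a separate Application with no ordering against the CRDs; a negative `argocd.argoproj.io/sync-wave` annotation on the crds leaf (effective only if the root app evaluates child Application health) would state the dependency instead of relying on retries. The same deletion cascade applies to the CRD-bearing charts in the cert-manager, kyverno and longhorn leaves, where it extends to issuers, policies and Longhorn volume objects.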
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml
new file mode 100644
index 0000000..22a2c29
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml
@@ -0,0 +1,21 @@
+# Bootstrap app-of-apps leaf: kube-vip API virtual IP manifests.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kube-vip
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/kube-vip
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
index d71a04c..ba458ee 100644
--- a/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
@@ -1,9 +1,20 @@
-# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**. Leaf **Application** /
-# **AppProject** resources (Helm apps you migrate off raw **helm upgrade** in Ansible). Synced with the
-# rest of **clusters/noble/bootstrap** via **noble-bootstrap-root** once automated sync is enabled.
+# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**.
+# Leaf Argo **Application** resources for bootstrap workloads that should appear as separate apps
+# in Argo CD under **noble-bootstrap-root**.
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - cilium-application.yaml
+ - metrics-server-application.yaml
+ - longhorn-application.yaml
+ - metallb-application.yaml
+ - traefik-application.yaml
+ - cert-manager-application.yaml
+ - kyverno-application.yaml
+ - kyverno-policies-application.yaml
+ - kube-vip-application.yaml
+ - csi-snapshot-crds-application.yaml
+ - csi-snapshot-controller-application.yaml
 - kube-prometheus-application.yaml
 - loki-application.yaml
 - fluent-bit-application.yaml
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml
new file mode 100644
index 0000000..d4c463f
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml
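Review bot: The README hunk in this commit lists **headlamp** among the current leaf apps, but this resources list adds no headlamp-application.yaml; either the file is missing from the commit or the README runs ahead of the kustomization, and it is worth reconciling before noble-bootstrap-root syncs. Separately, order in this list is not sync order: cilium, csi-snapshot-crds and kyverno are created in the same root sync as the leaves that depend on them, so first-run success rests on Argo's retries. A comment stating that, or `argocd.argoproj.io/sync-wave` annotations on the dependency leaves, would make the intent visible, e.g. `# Order here is not sync order; dependencies (CNI, CRDs) are expressed via sync-wave annotations on the leaves.`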
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: Kyverno admission controller.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kyverno
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kyverno.github.io/kyverno/
+ chart: kyverno
+ targetRevision: 3.7.1
+ helm:
+ releaseName: kyverno
+ valueFiles:
+ - $values/clusters/noble/bootstrap/kyverno/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kyverno
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml
new file mode 100644
index 0000000..27671c0
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: Kyverno policy chart.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kyverno-policies
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kyverno.github.io/kyverno/
+ chart: kyverno-policies
+ targetRevision: 3.7.1
+ helm:
+ releaseName: kyverno-policies
+ valueFiles:
+ - $values/clusters/noble/bootstrap/kyverno/policies-values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kyverno
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
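Review bot: The kyverno-policies leaf installs the upstream policy chart next to sibling leaves that run privileged workloads (cilium, longhorn, kube-vip, metallb), yet its mode is decided entirely by policies-values.yaml, which is outside this diff. If that file sets `validationFailureAction` to Enforce, the pod-security policies will reject the next selfHeal of those namespaces, and since Kyverno's default resource filters exclude kube-system but — to my knowledge — not longhorn-system, metallb-system or argocd, the rejections surface as failed syncs rather than audit events. The leaf's header comment should say which mode is intended and where exclusions live, along the lines of `# Policy mode (Audit/Enforce) and namespace exclusions are set in policies-values.yaml.` Because the chart's ClusterPolicy objects need Kyverno's CRDs, giving this leaf a later sync wave than the kyverno leaf avoids a failed initial sync.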
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml
new file mode 100644
index 0000000..0c2e1cb
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml
@@ -0,0 +1,33 @@
+# Bootstrap app-of-apps leaf: Longhorn (namespace labels + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-longhorn
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/longhorn
+ - repoURL: https://charts.longhorn.io
+ chart: longhorn
+ targetRevision: 1.11.1
+ helm:
+ releaseName: longhorn
+ valueFiles:
+ - $values/clusters/noble/bootstrap/longhorn/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: longhorn-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml
new file mode 100644
index 0000000..5bc158e
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: MetalLB (namespace labels + Helm chart + IP pool/L2 advert).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-metallb
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/metallb
+ - repoURL: https://metallb.github.io/metallb
+ chart: metallb
+ targetRevision: 0.15.3
+ helm:
+ releaseName: metallb
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: metallb-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml
new file mode 100644
index 0000000..fce0ff9
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: metrics-server.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-metrics-server
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kubernetes-sigs.github.io/metrics-server/
+ chart: metrics-server
+ targetRevision: 3.13.0
+ helm:
+ releaseName: metrics-server
+ valueFiles:
+ - $values/clusters/noble/bootstrap/metrics-server/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml
new file mode 100644
index 0000000..bb26932
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: Traefik ingress (namespace + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-traefik
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://traefik.github.io/charts
+ chart: traefik
+ targetRevision: 39.0.6
+ helm:
+ releaseName: traefik
+ valueFiles:
+ - $values/clusters/noble/bootstrap/traefik/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: traefik
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/cert-manager/kustomization.yaml b/clusters/noble/bootstrap/cert-manager/kustomization.yaml
index 3443eb3..ae5f3fe 100644
--- a/clusters/noble/bootstrap/cert-manager/kustomization.yaml
+++ b/clusters/noble/bootstrap/cert-manager/kustomization.yaml
@@ -1,5 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - namespace.yaml
 - clusterissuer-letsencrypt-staging.yaml
 - clusterissuer-letsencrypt-prod.yaml
diff --git a/clusters/noble/bootstrap/metallb/kustomization.yaml b/clusters/noble/bootstrap/metallb/kustomization.yaml
index 9c42ed7..14e68a7 100644
--- a/clusters/noble/bootstrap/metallb/kustomization.yaml
+++ b/clusters/noble/bootstrap/metallb/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - namespace.yaml
 - ip-address-pool.yaml
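Review bot: Adding namespace.yaml to cert-manager/kustomization.yaml while the noble-cert-manager leaf also sets `CreateNamespace=true` gives the cert-manager namespace two creators. If the manifest exists to carry labels (pod-security, for instance), keep it and drop the sync option so the Namespace is a single tracked resource; otherwise the sync option alone suffices. The same duplication is introduced for metallb in this commit (namespace.yaml in metallb/kustomization.yaml plus `CreateNamespace=true` in the metallb leaf). Note that once a Namespace manifest is tracked by an app carrying the background finalizer, deleting that Application deletes the namespace and everything in it, a larger blast radius than the untracked namespace the sync option creates.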