From bfb72cb51922bd6f35f1bbbe5aeaea782c00315b Mon Sep 17 00:00:00 2001 
From: Nikholas Pcenicni <82239765+nikpcenicni@users.noreply.github.com> Date: Wed, 1 Apr 2026 02:11:19 -0400 Subject: [PATCH] Update Argo CD documentation and kustomization files to include additional applications and namespace resources. Enhance README.md with current leaf applications and clarify optional components. This improves deployment clarity and organization for bootstrap workloads. --- clusters/noble/bootstrap/argocd/README.md | 2 ++ .../app-of-apps/cert-manager-application.yaml | 33 +++++++++++++++++++ .../app-of-apps/cilium-application.yaml | 30 +++++++++++++++++ .../csi-snapshot-controller-application.yaml | 21 ++++++++++++ .../csi-snapshot-crds-application.yaml | 21 ++++++++++++ .../app-of-apps/kube-vip-application.yaml | 21 ++++++++++++ .../argocd/app-of-apps/kustomization.yaml | 17 ++++++++-- .../app-of-apps/kyverno-application.yaml | 30 +++++++++++++++++ .../kyverno-policies-application.yaml | 30 +++++++++++++++++ .../app-of-apps/longhorn-application.yaml | 33 +++++++++++++++++++ .../app-of-apps/metallb-application.yaml | 28 ++++++++++++++++ .../metrics-server-application.yaml | 30 +++++++++++++++++ .../app-of-apps/traefik-application.yaml | 30 +++++++++++++++++ .../bootstrap/cert-manager/kustomization.yaml | 1 + .../bootstrap/metallb/kustomization.yaml | 1 + 15 files changed, 325 insertions(+), 3 deletions(-) create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml create mode 100644 
clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml create mode 100644 clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml diff --git a/clusters/noble/bootstrap/argocd/README.md b/clusters/noble/bootstrap/argocd/README.md index 0190815..2c44ea0 100644 --- a/clusters/noble/bootstrap/argocd/README.md +++ b/clusters/noble/bootstrap/argocd/README.md 
@@ -57,6 +57,8 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o 1. Edit **`root-application.yaml`** and **`bootstrap-root-application.yaml`**: set **`repoURL`** and **`targetRevision`**. The **`resources-finalizer.argocd.argoproj.io/background`** finalizer uses Argo’s path-qualified form so **`kubectl apply`** does not warn about finalizer names. 2. Optional add-on apps: add **`Application`** manifests under **`clusters/noble/apps/`** (see **`clusters/noble/apps/README.md`**). 3. **Bootstrap kustomize** (namespaces, datasource, leaf **`Application`**s under **`argocd/app-of-apps/`**, etc.): **`noble-bootstrap-root`** syncs **`clusters/noble/bootstrap`**. It is created with **manual** sync only so Argo does not apply changes while **`noble.yml`** is still running. + Current leaf apps include: **cilium**, **metrics-server**, **longhorn**, **metallb**, **traefik**, **cert-manager**, **kube-vip**, **csi-snapshot-crds**, **csi-snapshot-controller**, **kyverno**, **kyverno-policies**, **kube-prometheus**, **loki**, **fluent-bit**, **headlamp**. + Optional components with extra runtime credentials (for example **newt** and **velero**) are still Ansible-driven by default. **`ansible/playbooks/noble.yml`** (role **`noble_argocd`**) applies both roots when **`noble_argocd_apply_root_application`** / **`noble_argocd_apply_bootstrap_root_application`** are true in **`ansible/group_vars/all.yml`**. diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml new file mode 100644 index 0000000..36cb805 --- /dev/null +++ b/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml 
@@ -0,0 +1,33 @@
+# Bootstrap app-of-apps leaf: cert-manager (namespace + issuers + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-cert-manager
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/cert-manager
+ - repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: v1.20.0
+ helm:
+ releaseName: cert-manager
+ valueFiles:
+ - $values/clusters/noble/bootstrap/cert-manager/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml
new file mode 100644
index 0000000..1f31509
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: Cilium CNI.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-cilium
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://helm.cilium.io/
+ chart: cilium
+ targetRevision: 1.16.6
+ helm:
+ releaseName: cilium
+ valueFiles:
+ - $values/clusters/noble/bootstrap/cilium/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
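Review bot: Both Git entries under `sources` track `targetRevision: HEAD` while `syncPolicy.automated` has `prune` and `selfHeal` enabled, so whatever lands on the default branch of the Gitea repo is applied to the cluster with no reviewed revision in between. The same pairing repeats in every Application this patch adds (cilium, csi-snapshot-crds, csi-snapshot-controller, kube-vip, kyverno, kyverno-policies, longhorn, metallb, metrics-server, traefik). The Helm charts are pinned to versions, but the `$values` files and kustomize paths that configure them are not. Pinning the Git sources to a tag or commit, e.g. `targetRevision: <release-tag-or-commit-sha>`, or to a protected branch, would tie changes to cluster-critical components to a revision someone approved.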
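Review bot: `noble-cilium` carries the `resources-finalizer.argocd.argoproj.io/background` finalizer together with `automated.prune: true`, so deleting this Application, or having a parent app prune it after its entry is removed from the kustomization, would cascade into removing the CNI from `kube-system`. The same applies to `noble-kube-vip` (API virtual IP), `noble-csi-snapshot-crds` (removing CRDs also removes their custom resources) and `noble-longhorn` (storage). For these four, consider dropping the `finalizers` entry so deletion is non-cascading, or setting `prune: false`, and add a comment such as `# No cascade finalizer: removing this Application must not tear down the CNI.` so the choice is visible.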
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml
new file mode 100644
index 0000000..0c97165
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml
@@ -0,0 +1,21 @@
+# Bootstrap app-of-apps leaf: external-snapshotter controller manifests.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-csi-snapshot-controller
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/csi-snapshot-controller/controller
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml
new file mode 100644
index 0000000..50efbac
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml
@@ -0,0 +1,21 @@
+# Bootstrap app-of-apps leaf: external-snapshotter CRDs.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-csi-snapshot-crds
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/csi-snapshot-controller/crd
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml
new file mode 100644
index 0000000..22a2c29
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml
@@ -0,0 +1,21 @@
+# Bootstrap app-of-apps leaf: kube-vip API virtual IP manifests.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kube-vip
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/kube-vip
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
index d71a04c..ba458ee 100644
--- a/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
@@ -1,9 +1,20 @@ -# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**. Leaf **Application** / -# **AppProject** resources (Helm apps you migrate off raw **helm upgrade** in Ansible). Synced with the -# rest of **clusters/noble/bootstrap** via **noble-bootstrap-root** once automated sync is enabled. +# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**. +# Leaf Argo **Application** resources for bootstrap workloads that should appear as separate apps +# in Argo CD under **noble-bootstrap-root**. apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - cilium-application.yaml + - metrics-server-application.yaml + - longhorn-application.yaml + - metallb-application.yaml + - traefik-application.yaml + - cert-manager-application.yaml + - kyverno-application.yaml + - kyverno-policies-application.yaml + - kube-vip-application.yaml + - csi-snapshot-crds-application.yaml + - csi-snapshot-controller-application.yaml - kube-prometheus-application.yaml - loki-application.yaml - fluent-bit-application.yaml diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml new file mode 100644 index 0000000..d4c463f --- /dev/null +++ b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml 
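Review bot: Every leaf added to `resources` here sets `project: default`, and the rewritten header comment drops the earlier mention of **AppProject** without the patch adding one. Unless the `default` project has been restricted elsewhere, it places no limits on source repositories, destinations or resource kinds, so an Application that only needs the `traefik` namespace is scoped the same as the ones writing to `kube-system`. A dedicated project referenced as `project: noble-bootstrap` (name constructed for illustration), with `sourceRepos` limited to the Gitea repo and the chart repositories used by these leaves, would bound what a changed manifest can deploy. If staying on `default` is deliberate, a header comment line such as `# All leaves use the default AppProject; restrict it before adding untrusted sources.` would record that.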
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: Kyverno admission controller.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kyverno
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kyverno.github.io/kyverno/
+ chart: kyverno
+ targetRevision: 3.7.1
+ helm:
+ releaseName: kyverno
+ valueFiles:
+ - $values/clusters/noble/bootstrap/kyverno/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kyverno
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml
new file mode 100644
index 0000000..27671c0
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: Kyverno policy chart.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kyverno-policies
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kyverno.github.io/kyverno/
+ chart: kyverno-policies
+ targetRevision: 3.7.1
+ helm:
+ releaseName: kyverno-policies
+ valueFiles:
+ - $values/clusters/noble/bootstrap/kyverno/policies-values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kyverno
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
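Review bot: `noble-kyverno-policies` has no `syncPolicy.retry` and nothing orders it after `noble-kyverno`, so on a fresh bootstrap it can presumably sync before the Kyverno CRDs from the other chart exist. Automated sync is not re-attempted for the same revision after a failed sync, which would leave the admission controller running with no policies loaded until someone notices. Adding a retry block under `syncPolicy`, e.g. `retry:` with `limit: 5`, lets the policies app converge once Kyverno is up. A comment above it such as `# Retries until the Kyverno CRDs from noble-kyverno are installed.` would explain why it is there.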
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml
new file mode 100644
index 0000000..0c2e1cb
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml
@@ -0,0 +1,33 @@
+# Bootstrap app-of-apps leaf: Longhorn (namespace labels + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-longhorn
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/longhorn
+ - repoURL: https://charts.longhorn.io
+ chart: longhorn
+ targetRevision: 1.11.1
+ helm:
+ releaseName: longhorn
+ valueFiles:
+ - $values/clusters/noble/bootstrap/longhorn/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: longhorn-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml
new file mode 100644
index 0000000..5bc158e
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: MetalLB (namespace labels + Helm chart + IP pool/L2 advert).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-metallb
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/metallb
+ - repoURL: https://metallb.github.io/metallb
+ chart: metallb
+ targetRevision: 0.15.3
+ helm:
+ releaseName: metallb
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: metallb-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml
new file mode 100644
index 0000000..fce0ff9
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml
@@ -0,0 +1,30 @@
+# Bootstrap app-of-apps leaf: metrics-server.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-metrics-server
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kubernetes-sigs.github.io/metrics-server/
+ chart: metrics-server
+ targetRevision: 3.13.0
+ helm:
+ releaseName: metrics-server
+ valueFiles:
+ - $values/clusters/noble/bootstrap/metrics-server/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
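Review bot: In the metrics-server Application, `CreateNamespace=true` under `syncOptions` does nothing useful because `destination.namespace` is `kube-system`, which always exists; the cilium Application has the same line. Dropping the `syncOptions` block from both keeps the option confined to the leaves that need it (traefik, kyverno, longhorn) and avoids implying that Argo CD owns `kube-system`.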
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml new file mode 100644 index 0000000..bb26932 --- /dev/null +++ b/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml @@ -0,0 +1,30 @@ +# Bootstrap app-of-apps leaf: Traefik ingress (namespace + Helm chart). +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: noble-traefik + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io/background +spec: + project: default + sources: + - repoURL: https://traefik.github.io/charts + chart: traefik + targetRevision: 39.0.6 + helm: + releaseName: traefik + valueFiles: + - $values/clusters/noble/bootstrap/traefik/values.yaml + - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git + targetRevision: HEAD + ref: values + destination: + server: https://kubernetes.default.svc + namespace: traefik + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/clusters/noble/bootstrap/cert-manager/kustomization.yaml b/clusters/noble/bootstrap/cert-manager/kustomization.yaml index 3443eb3..ae5f3fe 100644 --- a/clusters/noble/bootstrap/cert-manager/kustomization.yaml +++ b/clusters/noble/bootstrap/cert-manager/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yaml - clusterissuer-letsencrypt-staging.yaml - clusterissuer-letsencrypt-prod.yaml diff --git a/clusters/noble/bootstrap/metallb/kustomization.yaml b/clusters/noble/bootstrap/metallb/kustomization.yaml index 9c42ed7..14e68a7 100644 --- a/clusters/noble/bootstrap/metallb/kustomization.yaml +++ b/clusters/noble/bootstrap/metallb/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yaml - ip-address-pool.yaml
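Review bot: Adding `namespace.yaml` to `resources` in the cert-manager kustomization makes the Namespace a tracked resource of `noble-cert-manager`, which also sets `CreateNamespace=true` and carries the cascade finalizer; the metallb kustomization in the next hunk has the same overlap with `noble-metallb`. The contents of `namespace.yaml` are not visible here. If it is a plain Namespace manifest, deleting or pruning the Application would remove the namespace and any Secrets stored in it, for example issuer account keys. One owner is enough: drop `CreateNamespace=true` from those two Applications, and consider annotating the Namespace with `argocd.argoproj.io/sync-options: Delete=false` so that removing the app does not take the namespace with it.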