diff --git a/ansible/roles/noble_argocd/tasks/applications_post_platform.yml b/ansible/roles/noble_argocd/tasks/applications_post_platform.yml
new file mode 100644
index 0000000..79d792e
--- /dev/null
+++ b/ansible/roles/noble_argocd/tasks/applications_post_platform.yml
@@ -0,0 +1,38 @@
+---
+# Run after **noble_platform** Helm + `kubectl apply -k clusters/noble/bootstrap` so leaf **Application**
+# CRs are not reconciled by Argo before **helm upgrade** (avoids SSA conflicts with **argocd-controller**).
+- name: Apply Argo CD root Application (app-of-apps)
+ ansible.builtin.command:
+ argv:
+ - kubectl
+ - apply
+ - -f
+ - "{{ noble_repo_root }}/clusters/noble/bootstrap/argocd/root-application.yaml"
+ environment:
+ KUBECONFIG: "{{ noble_kubeconfig }}"
+ when: noble_argocd_apply_root_application | default(false) | bool
+ changed_when: true
+
+- name: Apply Argo CD bootstrap root Application
+ ansible.builtin.command:
+ argv:
+ - kubectl
+ - apply
+ - -f
+ - "{{ noble_repo_root }}/clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml"
+ environment:
+ KUBECONFIG: "{{ noble_kubeconfig }}"
+ when: noble_argocd_apply_bootstrap_root_application | default(false) | bool
+ changed_when: true
+
+- name: Apply Argo CD leaf Application definitions (argocd/app-of-apps — post-Helm)
+ ansible.builtin.command:
+ argv:
+ - kubectl
+ - apply
+ - -k
+ - "{{ noble_repo_root }}/clusters/noble/bootstrap/argocd/app-of-apps"
+ environment:
+ KUBECONFIG: "{{ noble_kubeconfig }}"
+ when: noble_argocd_apply_bootstrap_root_application | default(false) | bool
+ changed_when: true
diff --git a/ansible/roles/noble_argocd/tasks/main.yml b/ansible/roles/noble_argocd/tasks/main.yml
index 6cdf499..1c53881 100644
--- a/ansible/roles/noble_argocd/tasks/main.yml
+++ b/ansible/roles/noble_argocd/tasks/main.yml
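Review bot: All three tasks in applications_post_platform.yml set `changed_when: true`, so every playbook run reports a change even when `kubectl apply` prints `unchanged` for every object; registering the result and deriving the status from it, e.g. `register: _argocd_apply` plus `changed_when: "'unchanged' not in _argocd_apply.stdout"` on each task, keeps the play's change report meaningful. The third task (the `app-of-apps` leaf definitions) is gated on `noble_argocd_apply_bootstrap_root_application` rather than a flag of its own; if tying the leaf apps to the bootstrap root is intended, a one-line comment above the task saying so would stop the next reader treating it as a copy-paste slip. The header comment recording the ordering constraint is a good addition.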
@@ -20,27 +20,3 @@ environment: KUBECONFIG: "{{ noble_kubeconfig }}" changed_when: true - -- name: Apply Argo CD root Application (app-of-apps) - ansible.builtin.command: - argv: - - kubectl - - apply - - -f - - "{{ noble_repo_root }}/clusters/noble/bootstrap/argocd/root-application.yaml" - environment: - KUBECONFIG: "{{ noble_kubeconfig }}" - when: noble_argocd_apply_root_application | default(false) | bool - changed_when: true - -- name: Apply Argo CD bootstrap app-of-apps Application - ansible.builtin.command: - argv: - - kubectl - - apply - - -f - - "{{ noble_repo_root }}/clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml" - environment: - KUBECONFIG: "{{ noble_kubeconfig }}" - when: noble_argocd_apply_bootstrap_root_application | default(false) | bool - changed_when: true diff --git a/ansible/roles/noble_platform/tasks/main.yml b/ansible/roles/noble_platform/tasks/main.yml index f21545b..ee3899d 100644 --- a/ansible/roles/noble_platform/tasks/main.yml +++ b/ansible/roles/noble_platform/tasks/main.yml @@ -115,3 +115,8 @@ environment: KUBECONFIG: "{{ noble_kubeconfig }}" changed_when: true + +- name: Argo CD — apply Application manifests after platform Helm + ansible.builtin.include_role: + name: noble_argocd + tasks_from: applications_post_platform diff --git a/ansible/roles/noble_post_deploy/tasks/main.yml b/ansible/roles/noble_post_deploy/tasks/main.yml index 8ee779e..dd547bd 100644 --- a/ansible/roles/noble_post_deploy/tasks/main.yml +++ b/ansible/roles/noble_post_deploy/tasks/main.yml 
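Review bot: The new `include_role` task in noble_platform/tasks/main.yml has no `when`, so it is entered and prints a task line on every run even when neither `noble_argocd_apply_root_application` nor `noble_argocd_apply_bootstrap_root_application` is set; gating the include itself, e.g. `when: (noble_argocd_apply_root_application | default(false) | bool) or (noble_argocd_apply_bootstrap_root_application | default(false) | bool)`, keeps the play quiet for users without Argo and mirrors the guards inside the included file. The noble_argocd/tasks/main.yml hunk on this line is a pure move of the two root-application tasks into the new file and needs nothing further.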
@@ -9,7 +9,8 @@ - name: Argo CD optional root Application (empty app-of-apps) ansible.builtin.debug: msg: >- - App-of-apps: noble.yml applies root-application.yaml when noble_argocd_apply_root_application is true; - bootstrap-root-application.yaml when noble_argocd_apply_bootstrap_root_application is true (group_vars/all.yml). + App-of-apps: after **noble_platform**, noble.yml runs **noble_argocd** `applications_post_platform.yml`: + root-application.yaml when noble_argocd_apply_root_application is true; bootstrap-root + **kubectl apply -k + argocd/app-of-apps** when noble_argocd_apply_bootstrap_root_application is true (group_vars/all.yml). noble-bootstrap-root uses manual sync until you enable automation after the playbook — clusters/noble/bootstrap/argocd/README.md §5. See clusters/noble/apps/README.md and that README. diff --git a/clusters/noble/bootstrap/argocd/README.md b/clusters/noble/bootstrap/argocd/README.md index 0190815..e7cdac5 100644 --- a/clusters/noble/bootstrap/argocd/README.md +++ b/clusters/noble/bootstrap/argocd/README.md 
@@ -52,13 +52,13 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o ## 4. App-of-apps (GitOps) -**Ansible** (`ansible/playbooks/noble.yml`) performs the **initial** install: Helm releases and **`kubectl apply -k clusters/noble/bootstrap`**. **Argo** then tracks the same git paths for ongoing reconciliation. +**Ansible** (`ansible/playbooks/noble.yml`) runs **`kubectl apply -k clusters/noble/bootstrap`** (namespaces + static YAML) from **`noble_platform`**, then Helm installs, then **`noble_argocd`** `applications_post_platform.yml` applies **`root-application.yaml`**, **`bootstrap-root-application.yaml`**, and **`kubectl apply -k clusters/noble/bootstrap/argocd/app-of-apps`** so Argo **Application** CRs appear only **after** Helm (no SSA fights with **argocd-controller**). 1. Edit **`root-application.yaml`** and **`bootstrap-root-application.yaml`**: set **`repoURL`** and **`targetRevision`**. The **`resources-finalizer.argocd.argoproj.io/background`** finalizer uses Argo’s path-qualified form so **`kubectl apply`** does not warn about finalizer names. 2. Optional add-on apps: add **`Application`** manifests under **`clusters/noble/apps/`** (see **`clusters/noble/apps/README.md`**). -3. **Bootstrap kustomize** (namespaces, datasource, leaf **`Application`**s under **`argocd/app-of-apps/`**, etc.): **`noble-bootstrap-root`** syncs **`clusters/noble/bootstrap`**. It is created with **manual** sync only so Argo does not apply changes while **`noble.yml`** is still running. +3. **Bootstrap kustomize** (namespaces, datasource, etc.): **`noble-bootstrap-root`** syncs **`clusters/noble/bootstrap`** (no **`argocd/app-of-apps/`** in that kustomization). Leaf **`Application`** manifests live under **`argocd/app-of-apps/`**; Ansible applies that directory **after** **`noble_platform`** Helm so Argo does not SSA charts first. The root app uses **manual** sync; each leaf app is **manual** until you enable automation (see **§5**). 
- **`ansible/playbooks/noble.yml`** (role **`noble_argocd`**) applies both roots when **`noble_argocd_apply_root_application`** / **`noble_argocd_apply_bootstrap_root_application`** are true in **`ansible/group_vars/all.yml`**. + **`ansible/playbooks/noble.yml`** (roles **`noble_argocd`** Helm, then **`noble_platform`** — which **include_role**s **`noble_argocd/applications_post_platform`** after Helm) when **`noble_argocd_apply_*`** flags are set in **`ansible/group_vars/all.yml`**. ```bash kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml 
@@ -99,7 +99,11 @@ Do this only after **`ansible-playbook playbooks/noble.yml`** has finished succe 5. Trigger a sync if the app does not go green immediately: **Sync** in the UI, or `argocd app sync noble-bootstrap-root`. -After this, **git** is the source of truth for everything under **`clusters/noble/bootstrap/kustomization.yaml`** (including **`argocd/app-of-apps/`**). Helm-managed platform components remain whatever Ansible last installed until you model them as Argo **`Application`**s under **`app-of-apps/`** and stop installing them from Ansible. +6. **Leaf apps** (`noble-cilium`, `noble-kube-prometheus`, … under **`app-of-apps/`**) stay **manual** until you turn on **AUTO-SYNC** (or sync once) **per app** after Ansible has finished. Until then they only register intent in Argo; **Ansible** still performs the Helm installs in **`noble_*`** roles. When you are ready for Argo to own a chart, enable sync for that leaf app and **remove** the corresponding **`helm upgrade`** task from Ansible so only one controller manages the release. + +If **`helm upgrade`** failed with **conflict with `argocd-controller`**, a leaf app had already reconciled: apply the updated manifests (manual leaf sync), delete the conflicting **`Application`** with **`--cascade=false`** if needed, then re-run the playbook — or finish migration to Argo-only for that chart. + +After **`noble-bootstrap-root`** is automated and leaf apps are synced, **git** is the source of truth for **`clusters/noble/bootstrap/kustomization.yaml`** and the leaf **`Application`** specs. ## Versions diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml new file mode 100644 index 0000000..a7d4a15 --- /dev/null +++ b/clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml 
@@ -0,0 +1,31 @@
+# Bootstrap app-of-apps leaf: cert-manager (namespace + issuers + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-cert-manager
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/cert-manager
+ - repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: v1.20.0
+ helm:
+ releaseName: cert-manager
+ valueFiles:
+ - $values/clusters/noble/bootstrap/cert-manager/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml
new file mode 100644
index 0000000..a5d51a9
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml
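Review bot: `project: default` puts noble-cert-manager — and every other leaf app in this commit plus `noble-bootstrap-root` — in Argo's built-in AppProject, which allows any source repository and any destination namespace or cluster, so Argo's `sourceRepos`/`destinations`/`clusterResourceWhitelist` guardrails are not used at all. A dedicated AppProject listing the home-server git repo and the chart repositories as `sourceRepos`, with `destinations` limited to the namespaces these apps target, would bound what a change to the tracked branch can deploy; the change here is one line, `project: noble-bootstrap` (constructed name), plus the AppProject manifest. Since the git source uses `targetRevision: HEAD`, whatever lands on the default branch becomes desired state, so branch protection on that repository is the other half of that control.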
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: Cilium CNI.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-cilium
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://helm.cilium.io/
+ chart: cilium
+ targetRevision: 1.16.6
+ helm:
+ releaseName: cilium
+ valueFiles:
+ - $values/clusters/noble/bootstrap/cilium/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml
new file mode 100644
index 0000000..9d26a22
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml
@@ -0,0 +1,18 @@
+# Bootstrap app-of-apps leaf: external-snapshotter controller manifests.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-csi-snapshot-controller
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/csi-snapshot-controller/controller
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ # Manual sync: Ansible applies first; enable automation after cutover (see ../README.md §5).
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml
new file mode 100644
index 0000000..5705fe8
--- /dev/null
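Review bot: The closing `# Manual sync: …` comment in csi-snapshot-controller-application.yaml sits under `spec:` with no `syncPolicy` key after it, so it reads as if a key were dropped; csi-snapshot-crds-application.yaml and kube-vip-application.yaml have the same shape. Rewording it to state what is omitted, e.g. `# No syncPolicy on purpose: manual sync only until cutover (see ../README.md §5).`, documents the intent. Separately, the controller manifests depend on the CRDs owned by noble-csi-snapshot-crds, and nothing orders the two Applications once sync is enabled (listing order in app-of-apps/kustomization.yaml does not order syncs between Applications); either document that the crds app must be synced first, or fold both paths into one Application and put `argocd.argoproj.io/sync-wave` annotations on the CRD manifests so ordering is enforced by Argo.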
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml
@@ -0,0 +1,18 @@
+# Bootstrap app-of-apps leaf: external-snapshotter CRDs.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-csi-snapshot-crds
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/csi-snapshot-controller/crd
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ # Manual sync: Ansible applies first; enable automation after cutover (see ../README.md §5).
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/fluent-bit-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/fluent-bit-application.yaml
new file mode 100644
index 0000000..f9cdaa1
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/fluent-bit-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: Fluent Bit.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-fluent-bit
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://fluent.github.io/helm-charts
+ chart: fluent-bit
+ targetRevision: 0.56.0
+ helm:
+ releaseName: fluent-bit
+ valueFiles:
+ - $values/clusters/noble/bootstrap/fluent-bit/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: logging
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml
new file mode 100644
index 0000000..48fb75f
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: Headlamp.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-headlamp
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kubernetes-sigs.github.io/headlamp/
+ chart: headlamp
+ targetRevision: 0.40.1
+ helm:
+ releaseName: headlamp
+ valueFiles:
+ - $values/clusters/noble/bootstrap/headlamp/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: headlamp
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kube-prometheus-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kube-prometheus-application.yaml
new file mode 100644
index 0000000..bb8f5c0
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kube-prometheus-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: kube-prometheus-stack.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kube-prometheus
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://prometheus-community.github.io/helm-charts
+ chart: kube-prometheus-stack
+ targetRevision: 82.15.1
+ helm:
+ releaseName: kube-prometheus
+ valueFiles:
+ - $values/clusters/noble/bootstrap/kube-prometheus-stack/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml
new file mode 100644
index 0000000..263a554
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml
@@ -0,0 +1,18 @@
+# Bootstrap app-of-apps leaf: kube-vip API virtual IP manifests.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kube-vip
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/kube-vip
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ # Manual sync: Ansible applies first; enable automation after cutover (see ../README.md §5).
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
new file mode 100644
index 0000000..43ef591
--- /dev/null
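Review bot: kube-prometheus-application.yaml has only `CreateNamespace=true` under `syncOptions`, but the kube-prometheus-stack chart ships CRDs (Prometheus, Alertmanager, …) whose size is commonly over the limit of the `kubectl.kubernetes.io/last-applied-configuration` annotation, so Argo's default client-side apply is known to fail on them with a "metadata.annotations: Too long" error the first time this app is synced. Adding `- ServerSideApply=true` next to `CreateNamespace=true` avoids that at cutover, and the README §5 procedure this comment points to could mention it. Because Ansible's helm run comes first, the failure would only appear when sync is enabled, which is the worse moment to discover it.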
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml
@@ -0,0 +1,20 @@
+# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**.
+# Leaf Argo **Application** resources for bootstrap workloads shown as separate apps under **noble-bootstrap-root**.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cilium-application.yaml
+ - metrics-server-application.yaml
+ - longhorn-application.yaml
+ - metallb-application.yaml
+ - traefik-application.yaml
+ - cert-manager-application.yaml
+ - kyverno-application.yaml
+ - kyverno-policies-application.yaml
+ - kube-vip-application.yaml
+ - csi-snapshot-crds-application.yaml
+ - csi-snapshot-controller-application.yaml
+ - kube-prometheus-application.yaml
+ - loki-application.yaml
+ - fluent-bit-application.yaml
+ - headlamp-application.yaml
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml
new file mode 100644
index 0000000..fa0b8fb
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: Kyverno admission controller.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kyverno
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kyverno.github.io/kyverno/
+ chart: kyverno
+ targetRevision: 3.7.1
+ helm:
+ releaseName: kyverno
+ valueFiles:
+ - $values/clusters/noble/bootstrap/kyverno/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kyverno
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
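Review bot: The first comment in app-of-apps/kustomization.yaml, `# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**.`, is contradicted by this same commit: the bootstrap kustomization hunk removes `- argocd/app-of-apps` from its resources, and its new header says the leaf Applications are applied by Ansible after Helm. Replace it with something like `# Applied by Ansible (noble_argocd applications_post_platform.yml) after platform Helm; intentionally NOT listed in clusters/noble/bootstrap/kustomization.yaml.` so the next reader does not "fix" the bootstrap kustomization by re-adding it and reintroduce the argocd-controller conflict the commit is removing. The second comment line about noble-bootstrap-root is likewise stale now that the root no longer includes this directory.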
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml
new file mode 100644
index 0000000..1b220e2
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: Kyverno policy chart.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-kyverno-policies
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kyverno.github.io/kyverno/
+ chart: kyverno-policies
+ targetRevision: 3.7.1
+ helm:
+ releaseName: kyverno-policies
+ valueFiles:
+ - $values/clusters/noble/bootstrap/kyverno/policies-values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kyverno
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/loki-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/loki-application.yaml
new file mode 100644
index 0000000..4971bd7
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/loki-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: Loki.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-loki
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://grafana.github.io/helm-charts
+ chart: loki
+ targetRevision: 6.55.0
+ helm:
+ releaseName: loki
+ valueFiles:
+ - $values/clusters/noble/bootstrap/loki/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: loki
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml
new file mode 100644
index 0000000..d536d5c
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml
@@ -0,0 +1,31 @@
+# Bootstrap app-of-apps leaf: Longhorn (namespace labels + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-longhorn
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/longhorn
+ - repoURL: https://charts.longhorn.io
+ chart: longhorn
+ targetRevision: 1.11.1
+ helm:
+ releaseName: longhorn
+ valueFiles:
+ - $values/clusters/noble/bootstrap/longhorn/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: longhorn-system
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml
new file mode 100644
index 0000000..26a05bc
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml
@@ -0,0 +1,26 @@
+# Bootstrap app-of-apps leaf: MetalLB (namespace + pool/L2 + Helm chart).
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-metallb
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap/metallb
+ - repoURL: https://metallb.github.io/metallb
+ chart: metallb
+ targetRevision: 0.15.3
+ helm:
+ releaseName: metallb
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: metallb-system
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml
new file mode 100644
index 0000000..22996d8
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: metrics-server.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-metrics-server
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://kubernetes-sigs.github.io/metrics-server/
+ chart: metrics-server
+ targetRevision: 3.13.0
+ helm:
+ releaseName: metrics-server
+ valueFiles:
+ - $values/clusters/noble/bootstrap/metrics-server/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml
new file mode 100644
index 0000000..476d30e
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml
@@ -0,0 +1,28 @@
+# Bootstrap app-of-apps leaf: Traefik ingress.
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-traefik
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ sources:
+ - repoURL: https://traefik.github.io/charts
+ chart: traefik
+ targetRevision: 39.0.6
+ helm:
+ releaseName: traefik
+ valueFiles:
+ - $values/clusters/noble/bootstrap/traefik/values.yaml
+ - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: traefik
+ # Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml b/clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml
new file mode 100644
index 0000000..08be5a4
--- /dev/null
+++ b/clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml
@@ -0,0 +1,30 @@
+# **noble-bootstrap-root** — Kustomize for **clusters/noble/bootstrap** (namespaces, Grafana datasource,
+# VolumeSnapshotClass, etc.). Leaf **Application** CRs under **argocd/app-of-apps/** are **not** in this
+# path; Ansible applies them after Helm (see **noble_argocd** `applications_post_platform.yml`).
+#
+# **Initial deploy:** Ansible is the only writer; **automated sync is off** so Argo does not reconcile
+# during **noble.yml**. **After** the playbook finishes, enable automated sync (see **README.md** §5)
+# so git becomes the source of truth for this kustomize output.
+#
+# Edit **spec.source.repoURL** / **targetRevision** for your remote.
+#
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: noble-bootstrap-root
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/background
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+ targetRevision: HEAD
+ path: clusters/noble/bootstrap
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ # Manual sync until you enable automation after Ansible (see README.md §5).
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/clusters/noble/bootstrap/argocd/root-application.yaml b/clusters/noble/bootstrap/argocd/root-application.yaml
index 2f466f0..79924ce 100644
--- a/clusters/noble/bootstrap/argocd/root-application.yaml
+++ b/clusters/noble/bootstrap/argocd/root-application.yaml
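Review bot: `noble-bootstrap-root` carries `resources-finalizer.argocd.argoproj.io/background` while its `path: clusters/noble/bootstrap` contains Namespace manifests (the bootstrap kustomization hunk lists `kube-prometheus-stack/namespace.yaml`, `loki/namespace.yaml`, `headlamp/namespace.yaml`), so deleting this Application cascades to those namespaces and everything inside them, including Helm releases that Ansible rather than Argo installed. If the Application is meant to be removable without taking workloads down, drop the finalizer so deletion is non-cascading, or at minimum add a comment under `finalizers:` such as `# Cascading delete: removes the Namespaces this app manages. Delete with --cascade=false to keep workloads.`. The header comment covers sync timing thoroughly but says nothing about this deletion hazard, which is the more destructive of the two.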
@@ -3,10 +3,10 @@ # 1. Set spec.source.repoURL (and targetRevision — **HEAD** tracks the remote default branch) to this repo. # 2. kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml # -# **clusters/noble/apps** holds optional **Application** manifests. Core platform Helm + kustomize is -# installed by **ansible/playbooks/noble.yml** from **clusters/noble/bootstrap/**. **bootstrap-root-application.yaml** -# registers **noble-bootstrap-root** for the same kustomize tree (**manual** sync until you enable -# automation after the playbook — see **README.md** §5). +# **clusters/noble/apps** holds optional **Application** manifests. **noble_platform** applies +# **clusters/noble/bootstrap/kustomization.yaml** (namespaces + static YAML), Helm installs, then +# **applications_post_platform.yml** applies **bootstrap-root-application.yaml** and **argocd/app-of-apps/**. +# **noble-bootstrap-root** tracks bootstrap kustomize (**manual** sync until README §5). # apiVersion: argoproj.io/v1alpha1 kind: Application diff --git a/clusters/noble/bootstrap/cert-manager/kustomization.yaml b/clusters/noble/bootstrap/cert-manager/kustomization.yaml index 3443eb3..ae5f3fe 100644 --- a/clusters/noble/bootstrap/cert-manager/kustomization.yaml +++ b/clusters/noble/bootstrap/cert-manager/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yaml - clusterissuer-letsencrypt-staging.yaml - clusterissuer-letsencrypt-prod.yaml diff --git a/clusters/noble/bootstrap/kustomization.yaml b/clusters/noble/bootstrap/kustomization.yaml index 88e7293..80f0be8 100644 --- a/clusters/noble/bootstrap/kustomization.yaml +++ b/clusters/noble/bootstrap/kustomization.yaml 
@@ -1,11 +1,13 @@ -# Ansible bootstrap: plain Kustomize (namespaces + extra YAML). Helm installs are driven by -# **ansible/playbooks/noble.yml** (role **noble_platform**) — avoids **kustomize --enable-helm** in-repo. -# Optional GitOps: **../apps/** (Argo **noble-root**); leaf **Application**s under **argocd/app-of-apps/**. -# **noble-bootstrap-root** (Argo) uses this same path — enable automated sync only after **noble.yml** -# completes (see **argocd/README.md** §5). +# Ansible **noble_platform**: `kubectl apply -k` this directory (namespaces + static YAML only). +# Leaf Argo **Application** manifests live under **argocd/app-of-apps/** and are applied **after** Helm +# by **noble_argocd** `applications_post_platform.yml` so **argocd-controller** does not SSA the chart +# before **helm upgrade** runs. +# +# **noble-bootstrap-root** syncs this same path for GitOps on namespaces/datasource/VolumeSnapshotClass. +# Per-chart GitOps: each **noble-*** app under **argocd/app-of-apps/** (manual sync until you cut over). +# apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - kube-prometheus-stack/namespace.yaml - loki/namespace.yaml @@ -16,4 +18,3 @@ resources: - velero/longhorn-volumesnapshotclass.yaml - headlamp/namespace.yaml - grafana-loki-datasource/loki-datasource.yaml - - argocd/app-of-apps diff --git a/clusters/noble/bootstrap/metallb/kustomization.yaml b/clusters/noble/bootstrap/metallb/kustomization.yaml index 9c42ed7..14e68a7 100644 --- a/clusters/noble/bootstrap/metallb/kustomization.yaml +++ b/clusters/noble/bootstrap/metallb/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yaml - ip-address-pool.yaml