gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor Argo CD application deployment by removing obsolete tasks and updating README for clarity. Introduce new task inclusion for Argo CD applications post-platform Helm installation, ensuring proper application order and synchronization.

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-05-13 16:57:51 -04:00
parent 4adaf100a2
commit c4e000d2d5
26 changed files with 512 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/noble/bootstrap/argocd/README.md
View File

@@ -52,13 +52,13 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o
## 4. App-of-apps (GitOps)
**Ansible** (`ansible/playbooks/noble.yml`) performs the **initial** install: Helm releases and **`kubectl apply -k clusters/noble/bootstrap`**. **Argo** then tracks the same git paths for ongoing reconciliation.
**Ansible** (`ansible/playbooks/noble.yml`) runs **`kubectl apply -k clusters/noble/bootstrap`** (namespaces + static YAML) from **`noble_platform`**, then Helm installs, then **`noble_argocd`** `applications_post_platform.yml` applies **`root-application.yaml`**, **`bootstrap-root-application.yaml`**, and **`kubectl apply -k clusters/noble/bootstrap/argocd/app-of-apps`** so Argo **Application** CRs appear only **after** Helm (no SSA fights with **argocd-controller**).
1. Edit **`root-application.yaml`** and **`bootstrap-root-application.yaml`**: set **`repoURL`** and **`targetRevision`**. The **`resources-finalizer.argocd.argoproj.io/background`** finalizer uses Argos path-qualified form so **`kubectl apply`** does not warn about finalizer names.
2. Optional add-on apps: add **`Application`** manifests under **`clusters/noble/apps/`** (see **`clusters/noble/apps/README.md`**).
3. **Bootstrap kustomize** (namespaces, datasource, leaf **`Application`**s under **`argocd/app-of-apps/`**, etc.): **`noble-bootstrap-root`** syncs **`clusters/noble/bootstrap`**. It is created with **manual** sync only so Argo does not apply changes while **`noble.yml`** is still running.
3. **Bootstrap kustomize** (namespaces, datasource, etc.): **`noble-bootstrap-root`** syncs **`clusters/noble/bootstrap`** (no **`argocd/app-of-apps/`** in that kustomization). Leaf **`Application`** manifests live under **`argocd/app-of-apps/`**; Ansible applies that directory **after** **`noble_platform`** Helm so Argo does not SSA charts first. The root app uses **manual** sync; each leaf app is **manual** until you enable automation (see **§5**).
**`ansible/playbooks/noble.yml`** (role **`noble_argocd`**) applies both roots when **`noble_argocd_apply_root_application`** / **`noble_argocd_apply_bootstrap_root_application`** are true in **`ansible/group_vars/all.yml`**.
**`ansible/playbooks/noble.yml`** (roles **`noble_argocd`** Helm, then **`noble_platform`** — which **include_role**s **`noble_argocd/applications_post_platform`** after Helm) when **`noble_argocd_apply_*`** flags are set in **`ansible/group_vars/all.yml`**.
```bash
kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
@@ -99,7 +99,11 @@ Do this only after **`ansible-playbook playbooks/noble.yml`** has finished succe
5. Trigger a sync if the app does not go green immediately: **Sync** in the UI, or `argocd app sync noble-bootstrap-root`.
After this, **git** is the source of truth for everything under **`clusters/noble/bootstrap/kustomization.yaml`** (including **`argocd/app-of-apps/`**). Helm-managed platform components remain whatever Ansible last installed until you model them as Argo **`Application`**s under **`app-of-apps/`** and stop installing them from Ansible.
6. **Leaf apps** (`noble-cilium`, `noble-kube-prometheus`, … under **`app-of-apps/`**) stay **manual** until you turn on **AUTO-SYNC** (or sync once) **per app** after Ansible has finished. Until then they only register intent in Argo; **Ansible** still performs the Helm installs in **`noble_*`** roles. When you are ready for Argo to own a chart, enable sync for that leaf app and **remove** the corresponding **`helm upgrade`** task from Ansible so only one controller manages the release.
If **`helm upgrade`** failed with **conflict with `argocd-controller`**, a leaf app had already reconciled: apply the updated manifests (manual leaf sync), delete the conflicting **`Application`** with **`--cascade=false`** if needed, then re-run the playbook — or finish migration to Argo-only for that chart.
After **`noble-bootstrap-root`** is automated and leaf apps are synced, **git** is the source of truth for **`clusters/noble/bootstrap/kustomization.yaml`** and the leaf **`Application`** specs.
## Versions

31
clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml Normal file
View File

@@ -0,0 +1,31 @@
# Bootstrap app-of-apps leaf: cert-manager (namespace + issuers + Helm chart).
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-cert-manager
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
path: clusters/noble/bootstrap/cert-manager
- repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: v1.20.0
helm:
releaseName: cert-manager
valueFiles:
- $values/clusters/noble/bootstrap/cert-manager/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

28
clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: Cilium CNI.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-cilium
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://helm.cilium.io/
chart: cilium
targetRevision: 1.16.6
helm:
releaseName: cilium
valueFiles:
- $values/clusters/noble/bootstrap/cilium/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: kube-system
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

18
clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml Normal file
View File

@@ -0,0 +1,18 @@
# Bootstrap app-of-apps leaf: external-snapshotter controller manifests.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-csi-snapshot-controller
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
source:
repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
path: clusters/noble/bootstrap/csi-snapshot-controller/controller
destination:
server: https://kubernetes.default.svc
namespace: kube-system
# Manual sync: Ansible applies first; enable automation after cutover (see ../README.md §5).

18
clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml Normal file
View File

@@ -0,0 +1,18 @@
# Bootstrap app-of-apps leaf: external-snapshotter CRDs.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-csi-snapshot-crds
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
source:
repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
path: clusters/noble/bootstrap/csi-snapshot-controller/crd
destination:
server: https://kubernetes.default.svc
namespace: kube-system
# Manual sync: Ansible applies first; enable automation after cutover (see ../README.md §5).

28
clusters/noble/bootstrap/argocd/app-of-apps/fluent-bit-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: Fluent Bit.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-fluent-bit
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://fluent.github.io/helm-charts
chart: fluent-bit
targetRevision: 0.56.0
helm:
releaseName: fluent-bit
valueFiles:
- $values/clusters/noble/bootstrap/fluent-bit/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: logging
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

28
clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: Headlamp.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-headlamp
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://kubernetes-sigs.github.io/headlamp/
chart: headlamp
targetRevision: 0.40.1
helm:
releaseName: headlamp
valueFiles:
- $values/clusters/noble/bootstrap/headlamp/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: headlamp
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

28
clusters/noble/bootstrap/argocd/app-of-apps/kube-prometheus-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: kube-prometheus-stack.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-kube-prometheus
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetRevision: 82.15.1
helm:
releaseName: kube-prometheus
valueFiles:
- $values/clusters/noble/bootstrap/kube-prometheus-stack/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

18
clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml Normal file
View File

@@ -0,0 +1,18 @@
# Bootstrap app-of-apps leaf: kube-vip API virtual IP manifests.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-kube-vip
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
source:
repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
path: clusters/noble/bootstrap/kube-vip
destination:
server: https://kubernetes.default.svc
namespace: kube-system
# Manual sync: Ansible applies first; enable automation after cutover (see ../README.md §5).

20
clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml Normal file
View File

@@ -0,0 +1,20 @@
# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**.
# Leaf Argo **Application** resources for bootstrap workloads shown as separate apps under **noble-bootstrap-root**.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cilium-application.yaml
- metrics-server-application.yaml
- longhorn-application.yaml
- metallb-application.yaml
- traefik-application.yaml
- cert-manager-application.yaml
- kyverno-application.yaml
- kyverno-policies-application.yaml
- kube-vip-application.yaml
- csi-snapshot-crds-application.yaml
- csi-snapshot-controller-application.yaml
- kube-prometheus-application.yaml
- loki-application.yaml
- fluent-bit-application.yaml
- headlamp-application.yaml

28
clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: Kyverno admission controller.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-kyverno
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://kyverno.github.io/kyverno/
chart: kyverno
targetRevision: 3.7.1
helm:
releaseName: kyverno
valueFiles:
- $values/clusters/noble/bootstrap/kyverno/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: kyverno
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

28
clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: Kyverno policy chart.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-kyverno-policies
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://kyverno.github.io/kyverno/
chart: kyverno-policies
targetRevision: 3.7.1
helm:
releaseName: kyverno-policies
valueFiles:
- $values/clusters/noble/bootstrap/kyverno/policies-values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: kyverno
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

28
clusters/noble/bootstrap/argocd/app-of-apps/loki-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: Loki.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-loki
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://grafana.github.io/helm-charts
chart: loki
targetRevision: 6.55.0
helm:
releaseName: loki
valueFiles:
- $values/clusters/noble/bootstrap/loki/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: loki
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

31
clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml Normal file
View File

@@ -0,0 +1,31 @@
# Bootstrap app-of-apps leaf: Longhorn (namespace labels + Helm chart).
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-longhorn
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
path: clusters/noble/bootstrap/longhorn
- repoURL: https://charts.longhorn.io
chart: longhorn
targetRevision: 1.11.1
helm:
releaseName: longhorn
valueFiles:
- $values/clusters/noble/bootstrap/longhorn/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: longhorn-system
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

26
clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml Normal file
View File

@@ -0,0 +1,26 @@
# Bootstrap app-of-apps leaf: MetalLB (namespace + pool/L2 + Helm chart).
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-metallb
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
path: clusters/noble/bootstrap/metallb
- repoURL: https://metallb.github.io/metallb
chart: metallb
targetRevision: 0.15.3
helm:
releaseName: metallb
destination:
server: https://kubernetes.default.svc
namespace: metallb-system
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

28
clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: metrics-server.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-metrics-server
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://kubernetes-sigs.github.io/metrics-server/
chart: metrics-server
targetRevision: 3.13.0
helm:
releaseName: metrics-server
valueFiles:
- $values/clusters/noble/bootstrap/metrics-server/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: kube-system
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

28
clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml Normal file
View File

@@ -0,0 +1,28 @@
# Bootstrap app-of-apps leaf: Traefik ingress.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-traefik
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
sources:
- repoURL: https://traefik.github.io/charts
chart: traefik
targetRevision: 39.0.6
helm:
releaseName: traefik
valueFiles:
- $values/clusters/noble/bootstrap/traefik/values.yaml
- repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: traefik
# Manual sync: Ansible helm runs first; enable automation after cutover (see ../README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

30
clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml Normal file
View File

@@ -0,0 +1,30 @@
# **noble-bootstrap-root** — Kustomize for **clusters/noble/bootstrap** (namespaces, Grafana datasource,
# VolumeSnapshotClass, etc.). Leaf **Application** CRs under **argocd/app-of-apps/** are **not** in this
# path; Ansible applies them after Helm (see **noble_argocd** `applications_post_platform.yml`).
#
# **Initial deploy:** Ansible is the only writer; **automated sync is off** so Argo does not reconcile
# during **noble.yml**. **After** the playbook finishes, enable automated sync (see **README.md** §5)
# so git becomes the source of truth for this kustomize output.
#
# Edit **spec.source.repoURL** / **targetRevision** for your remote.
#
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: noble-bootstrap-root
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io/background
spec:
project: default
source:
repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
targetRevision: HEAD
path: clusters/noble/bootstrap
destination:
server: https://kubernetes.default.svc
namespace: argocd
# Manual sync until you enable automation after Ansible (see README.md §5).
syncPolicy:
syncOptions:
- CreateNamespace=true

8
clusters/noble/bootstrap/argocd/root-application.yaml
View File

@@ -3,10 +3,10 @@
# 1. Set spec.source.repoURL (and targetRevision — **HEAD** tracks the remote default branch) to this repo.
# 2. kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
#
# **clusters/noble/apps** holds optional **Application** manifests. Core platform Helm + kustomize is
# installed by **ansible/playbooks/noble.yml** from **clusters/noble/bootstrap/**. **bootstrap-root-application.yaml**
# registers **noble-bootstrap-root** for the same kustomize tree (**manual** sync until you enable
# automation after the playbook — see **README.md** §5).
# **clusters/noble/apps** holds optional **Application** manifests. **noble_platform** applies
# **clusters/noble/bootstrap/kustomization.yaml** (namespaces + static YAML), Helm installs, then
# **applications_post_platform.yml** applies **bootstrap-root-application.yaml** and **argocd/app-of-apps/**.
# **noble-bootstrap-root** tracks bootstrap kustomize (**manual** sync until README §5).
#
apiVersion: argoproj.io/v1alpha1
kind: Application

1
clusters/noble/bootstrap/cert-manager/kustomization.yaml
View File

@@ -1,5 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- clusterissuer-letsencrypt-staging.yaml
- clusterissuer-letsencrypt-prod.yaml

15
clusters/noble/bootstrap/kustomization.yaml
View File

@@ -1,11 +1,13 @@
# Ansible bootstrap: plain Kustomize (namespaces + extra YAML). Helm installs are driven by
# **ansible/playbooks/noble.yml** (role **noble_platform**) — avoids **kustomize --enable-helm** in-repo.
# Optional GitOps: **../apps/** (Argo **noble-root**); leaf **Application**s under **argocd/app-of-apps/**.
# **noble-bootstrap-root** (Argo) uses this same path — enable automated sync only after **noble.yml**
# completes (see **argocd/README.md** §5).
# Ansible **noble_platform**: `kubectl apply -k` this directory (namespaces + static YAML only).
# Leaf Argo **Application** manifests live under **argocd/app-of-apps/** and are applied **after** Helm
# by **noble_argocd** `applications_post_platform.yml` so **argocd-controller** does not SSA the chart
# before **helm upgrade** runs.
#
# **noble-bootstrap-root** syncs this same path for GitOps on namespaces/datasource/VolumeSnapshotClass.
# Per-chart GitOps: each **noble-*** app under **argocd/app-of-apps/** (manual sync until you cut over).
#
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- kube-prometheus-stack/namespace.yaml
- loki/namespace.yaml
@@ -16,4 +18,3 @@ resources:
- velero/longhorn-volumesnapshotclass.yaml
- headlamp/namespace.yaml
- grafana-loki-datasource/loki-datasource.yaml
- argocd/app-of-apps

1
clusters/noble/bootstrap/metallb/kustomization.yaml
View File

@@ -1,4 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- ip-address-pool.yaml