Update Argo CD configuration by enabling service in kube-vip daemonset, replacing argocd-ingress with argocd-server-lb, and updating documentation to reflect changes.

clusters/noble/apps/kube-vip/vip-daemonset.yaml

@@ -41,9 +41,9 @@ spec:
             - name: cp_enable
               value: "true"
             - name: svc_enable
-              value: "false"
+              value: "true"
             - name: servicesElection
-              value: "false"
+              value: "true"
           securityContext:
             capabilities:
               add:

clusters/noble/bootstrap/argocd/argocd-ingress.yaml

@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: argocd-server
-  namespace: argocd
-  annotations:
-    ingress.cilium.io/backend-protocol: HTTPS
-spec:
-  ingressClassName: cilium
-  tls:
-    - hosts:
-        - argo.noble.lab.pcenicni.dev
-      secretName: argocd-server-tls
-  rules:
-    - host: argo.noble.lab.pcenicni.dev
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: argocd-server
-                port:
-                  number: 443
-

clusters/noble/bootstrap/argocd/argocd-server-lb.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: argocd-server-lb
+  namespace: argocd
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 192.168.50.231
+  selector:
+    app.kubernetes.io/name: argocd-server
+  ports:
+    - name: https
+      protocol: TCP
+      port: 443
+      targetPort: 8080
+

clusters/noble/bootstrap/argocd/kustomization.yaml

@@ -5,5 +5,5 @@ resources:
   - namespace.yaml
   - https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.7/manifests/install.yaml
   - default-appproject.yaml
-  - argocd-ingress.yaml
+  - argocd-server-lb.yaml
 

talos/README.md

@@ -112,15 +112,16 @@ nc -vz 192.168.50.230 6443
 
 ## 9) Argo CD via DNS host (no port)
 
-Argo CD is exposed through Cilium Ingress with host:
+Argo CD is exposed through a kube-vip managed LoadBalancer Service:
 
 - `argo.noble.lab.pcenicni.dev`
 
-Ingress manifest:
+Manifests:
 
-- `clusters/noble/bootstrap/argocd/argocd-ingress.yaml`
+- `clusters/noble/bootstrap/argocd/argocd-server-lb.yaml`
+- `clusters/noble/apps/kube-vip/vip-daemonset.yaml` (`svc_enable: "true"`)
 
 After syncing manifests, create a Pi-hole DNS A record:
 
-- `argo.noble.lab.pcenicni.dev` -> `192.168.50.230`
+- `argo.noble.lab.pcenicni.dev` -> `192.168.50.231`