Argo CD — noble (bootstrap)

Prerequisites: cluster Ready, Traefik + cert-manager; DNS argo.apps.noble.lab.pcenicni.dev → Traefik 192.168.50.211 (see values.yaml).

1. Install

helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
helm upgrade --install argocd argo/argo-cd \
  --namespace argocd \
  --create-namespace \
  --version 9.4.17 \
  -f clusters/noble/bootstrap/argocd/values.yaml \
  --wait

RBAC: values.yaml sets policy.default: role:readonly and g, admin, role:admin so the local admin user keeps full access while future OIDC users default to read-only until you add policy.csv mappings.
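A check for the RBAC posture described above, as an added example that is not part of this repository. The function names are hypothetical, and the live usage in the comments assumes the policy is rendered into Argo CD's standard argocd-rbac-cm ConfigMap.

```shell
#!/usr/bin/env bash
# Added example: audit Argo CD RBAC against the settings this README describes.
# Live usage (assumes the argocd-rbac-cm ConfigMap in the argocd namespace):
#   def=$(kubectl -n argocd get cm argocd-rbac-cm -o jsonpath='{.data.policy\.default}')
#   csv=$(kubectl -n argocd get cm argocd-rbac-cm -o jsonpath='{.data.policy\.csv}')
#   audit_rbac "$def" "$csv"

# Print every subject bound to role:admin by a "g, <subject>, role:admin" line.
admin_subjects() {
  printf '%s\n' "$1" | awk -F',' '
    { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
    $1 == "g" && $3 == "role:admin" { print $2 }'
}

# Return 0 only when the default role is role:readonly and the local
# "admin" user is the sole subject mapped to role:admin.
audit_rbac() {
  local default="$1" csv="$2" rc=0 subj
  if [ "$default" != "role:readonly" ]; then
    echo "FAIL policy.default is '${default:-<empty>}', expected role:readonly"
    rc=1
  fi
  while IFS= read -r subj; do
    [ -z "$subj" ] && continue
    if [ "$subj" != "admin" ]; then
      echo "REVIEW '$subj' is mapped to role:admin"
      rc=1
    fi
  done <<EOF
$(admin_subjects "$csv")
EOF
  [ "$rc" -eq 0 ] && echo "OK default read-only, admin-only role:admin"
  return "$rc"
}
```

Once OIDC groups are added to policy.csv on purpose, extend the allowed subjects in audit_rbac rather than ignoring the REVIEW lines.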

2. UI / CLI address

HTTPS: https://argo.apps.noble.lab.pcenicni.dev (Ingress via Traefik; cert from values.yaml).

kubectl get ingress -n argocd

Log in as admin; initial password:

kubectl -n argocd get secret argocd-initial-admin-secret \
  -o jsonpath='{.data.password}' | base64 -d
echo

Change the password in the UI or via argocd account update-password.

TLS: changing ClusterIssuer (e.g. staging → prod)

If helm upgrade --wait fails with "Secret was previously issued by letsencrypt-staging" (or another issuer), cert-manager will not replace the TLS Secret in place. Remove the old cert material once, then upgrade again:

kubectl -n argocd delete certificate argocd-server --ignore-not-found
kubectl -n argocd delete secret argocd-server-tls --ignore-not-found
helm upgrade --install argocd argo/argo-cd -n argocd --create-namespace \
  --version 9.4.17 -f clusters/noble/bootstrap/argocd/values.yaml --wait

3. Register this repo (if private)

Use Settings → Repositories in the UI, or argocd repo add / a Secret of type repository.

4. App-of-apps (optional GitOps only)

Bootstrap platform workloads (CNI, ingress, cert-manager, Kyverno, observability, Vault, etc.) are installed by ansible/playbooks/noble.yml — not by Argo. apps/kustomization.yaml is empty by default.

  1. Edit root-application.yaml: set repoURL and targetRevision to this repository. The resources-finalizer.argocd.argoproj.io/background finalizer uses Argo's path-qualified form so kubectl apply does not warn about finalizer names.

  2. When you want Argo to manage specific apps, add Application manifests under apps/ (see apps/README.md).

  3. Apply the root:

    kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
    

If you migrated from GitOps-managed noble-platform / noble-kyverno, delete stale Application objects on the cluster (see apps/README.md), then re-apply the root.

Versions

Pinned in values.yaml comments (chart 9.4.17 / Argo CD v3.3.6 at time of writing). Bump --version when upgrading.