gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bfb72cb51922bd6f35f1bbbe5aeaea782c00315b
home-server/clusters/noble/bootstrap/argocd
History
Nikholas Pcenicni bfb72cb519 Update Argo CD documentation and kustomization files to include additional applications and namespace resources. Enhance README.md with current leaf applications and clarify optional components. This improves deployment clarity and organization for bootstrap workloads.
2026-04-01 02:11:19 -04:00
..
app-of-apps
Update Argo CD documentation and kustomization files to include additional applications and namespace resources. Enhance README.md with current leaf applications and clarify optional components. This improves deployment clarity and organization for bootstrap workloads.
2026-04-01 02:11:19 -04:00
bootstrap-root-application.yaml
Enhance Argo CD integration by adding support for a bootstrap root application. Update group_vars/all.yml and role defaults to include noble_argocd_apply_bootstrap_root_application. Modify tasks to apply the bootstrap application conditionally. Revise documentation to clarify the GitOps workflow and the relationship between the core platform and optional applications. Remove outdated references and streamline the README for better user guidance.
2026-04-01 01:55:41 -04:00
README.md
Update Argo CD documentation and kustomization files to include additional applications and namespace resources. Enhance README.md with current leaf applications and clarify optional components. This improves deployment clarity and organization for bootstrap workloads.
2026-04-01 02:11:19 -04:00
root-application.yaml
Enhance Argo CD integration by adding support for a bootstrap root application. Update group_vars/all.yml and role defaults to include noble_argocd_apply_bootstrap_root_application. Modify tasks to apply the bootstrap application conditionally. Revise documentation to clarify the GitOps workflow and the relationship between the core platform and optional applications. Remove outdated references and streamline the README for better user guidance.
2026-04-01 01:55:41 -04:00
values.yaml
Update .gitignore to include generated noble-lab-ui-urls.md and enhance README.md with new role documentation. Refactor noble.yml to incorporate noble_landing_urls role for improved URL management. Add ingress configurations for alertmanager, prometheus, longhorn, and vault to support TLS termination via Traefik. Update network policies and values.yaml for vault to allow traffic from Traefik. These changes aim to streamline deployment and enhance service accessibility.
2026-03-28 16:32:21 -04:00

README.md

Argo CD — noble (bootstrap)

Prerequisites: cluster Ready, Traefik + cert-manager; DNS argo.apps.noble.lab.pcenicni.dev → Traefik 192.168.50.211 (see values.yaml).

1. Install

helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
helm upgrade --install argocd argo/argo-cd \
  --namespace argocd \
  --create-namespace \
  --version 9.4.17 \
  -f clusters/noble/bootstrap/argocd/values.yaml \
  --wait

RBAC: values.yaml sets policy.default: role:readonly and g, admin, role:admin so the local admin user keeps full access while future OIDC users default to read-only until you add policy.csv mappings.

2. UI / CLI address

HTTPS: https://argo.apps.noble.lab.pcenicni.dev (Ingress via Traefik; cert from values.yaml).

kubectl get ingress -n argocd

Log in as admin; initial password:

kubectl -n argocd get secret argocd-initial-admin-secret \
  -o jsonpath='{.data.password}' | base64 -d
echo

Change the password in the UI or via argocd account update-password.

TLS: changing ClusterIssuer (e.g. staging → prod)

If helm upgrade --wait fails with Secret was previously issued by letsencrypt-staging (or another issuer), cert-manager will not replace the TLS Secret in place. Remove the old cert material once, then upgrade again:

kubectl -n argocd delete certificate argocd-server --ignore-not-found
kubectl -n argocd delete secret argocd-server-tls --ignore-not-found
helm upgrade --install argocd argo/argo-cd -n argocd --create-namespace \
  --version 9.4.17 -f clusters/noble/bootstrap/argocd/values.yaml --wait

3. Register this repo (if private)

Use Settings → Repositories in the UI, or argocd repo add / a Secret of type repository.

4. App-of-apps (GitOps)

Ansible (ansible/playbooks/noble.yml) performs the initial install: Helm releases and kubectl apply -k clusters/noble/bootstrap. Argo then tracks the same git paths for ongoing reconciliation.

  1. Edit root-application.yaml and bootstrap-root-application.yaml: set repoURL and targetRevision. The resources-finalizer.argocd.argoproj.io/background finalizer uses Argos path-qualified form so kubectl apply does not warn about finalizer names.

  2. Optional add-on apps: add Application manifests under clusters/noble/apps/ (see clusters/noble/apps/README.md).

  3. Bootstrap kustomize (namespaces, datasource, leaf **Application**s under argocd/app-of-apps/, etc.): noble-bootstrap-root syncs clusters/noble/bootstrap. It is created with manual sync only so Argo does not apply changes while noble.yml is still running. Current leaf apps include: cilium, metrics-server, longhorn, metallb, traefik, cert-manager, kube-vip, csi-snapshot-crds, csi-snapshot-controller, kyverno, kyverno-policies, kube-prometheus, loki, fluent-bit, headlamp. Optional components with extra runtime credentials (for example newt and velero) are still Ansible-driven by default.

    ansible/playbooks/noble.yml (role noble_argocd) applies both roots when noble_argocd_apply_root_application / noble_argocd_apply_bootstrap_root_application are true in ansible/group_vars/all.yml.

    kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
kubectl apply -f clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml

If you migrated from older GitOps Application names, delete stale Application objects on the cluster (see clusters/noble/apps/README.md) then re-apply the roots.

5. After Ansible: enable automated sync for noble-bootstrap-root

Do this only after ansible-playbook playbooks/noble.yml has finished successfully (including noble_platform kubectl apply -k and any Helm stages you rely on). Until then, leave manual sync so Argo does not fight the playbook.

Required steps

  1. Confirm the cluster matches git for kustomize output (optional): kubectl kustomize clusters/noble/bootstrap | kubectl diff -f - or inspect resources in the UI.

  2. Register the git repo in Argo if you have not already (§3).

  3. Refresh the app so Argo compares clusters/noble/bootstrap to the cluster: Argo UI → noble-bootstrap-rootRefresh, or:

    argocd app get noble-bootstrap-root --refresh

  4. Enable automated sync (prune + self-heal), preserving CreateNamespace, using any one of:

    kubectl

    kubectl patch application noble-bootstrap-root -n argocd --type merge -p '{"spec":{"syncPolicy":{"automated":{"prune":true,"selfHeal":true},"syncOptions":["CreateNamespace=true"]}}}'

    argocd CLI (logged in)

    argocd app set noble-bootstrap-root --sync-policy automated --auto-prune --self-heal

    UI: open noble-bootstrap-rootApp Details → enable AUTO-SYNC (and Prune / Self Heal if shown).

  5. Trigger a sync if the app does not go green immediately: Sync in the UI, or argocd app sync noble-bootstrap-root.

After this, git is the source of truth for everything under clusters/noble/bootstrap/kustomization.yaml (including argocd/app-of-apps/). Helm-managed platform components remain whatever Ansible last installed until you model them as Argo **Application**s under app-of-apps/ and stop installing them from Ansible.

Versions

Pinned in values.yaml comments (chart 9.4.17 / Argo CD v3.3.6 at time of writing). Bump --version when upgrading.

Reference in New Issue View Git Blame Copy Permalink