home-server/clusters/noble/bootstrap/argocd/README.md

Argo CD — noble (bootstrap)

Prerequisites: cluster Ready, Traefik + cert-manager; DNS argo.apps.noble.lab.pcenicni.dev → Traefik 192.168.50.211 (see values.yaml).

1. Install

helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
helm upgrade --install argocd argo/argo-cd \
  --namespace argocd \
  --create-namespace \
  --version 9.4.17 \
  -f clusters/noble/bootstrap/argocd/values.yaml \
  --wait

RBAC: values.yaml sets policy.default: role:readonly and g, admin, role:admin so the local admin user keeps full access while future OIDC users default to read-only until you add policy.csv mappings.

2. UI / CLI address

HTTPS: https://argo.apps.noble.lab.pcenicni.dev (Ingress via Traefik; cert from values.yaml).

kubectl get ingress -n argocd

Log in as admin; initial password:

kubectl -n argocd get secret argocd-initial-admin-secret \
  -o jsonpath='{.data.password}' | base64 -d
echo

Change the password in the UI or via argocd account update-password.

3. Register this repo (if private)

Use Settings → Repositories in the UI, or argocd repo add / a Secret of type repository.

4. App-of-apps (optional)

1. Edit root-application.yaml: set repoURL and targetRevision to this repository. The resources-finalizer.argocd.argoproj.io/background finalizer uses Argo’s path-qualified form so kubectl apply does not warn about finalizer names.

2. Commit Application manifests under apps/ (see apps/README.md).

3. Apply the root:

   kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
   

apps/noble-platform.yaml lists Helm charts and a Git path for clusters/noble/apps (see kustomization.yaml there).

Versions

Pinned in values.yaml comments (chart 9.4.17 / Argo CD v3.3.6 at time of writing). Bump --version when upgrading.