infra/argo1
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Compare commits

base: infra:main
Branches Tags
infra:main
infra:prod
infra:v0
...
compare: infra:v0
Branches Tags
infra:prod
infra:main
infra:v0

No commits in common. "main" and "v0" have entirely different histories.
main ... v0

26 changed files with 186 additions and 504 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,2 @@
\#*#
*~
charts/

9
Chart.lock Normal file
View File

@ -0,0 +1,9 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 5.29.1
- name: argocd-apps
repository: https://argoproj.github.io/argo-helm
version: 0.0.9
digest: sha256:61b3270da67eb8bc6986a8cda0b41b3319dbb07df1295d0ca8cfb5cd31ccc837
generated: "2023-04-22T13:16:58.406086-05:00"

8
argo1/Chart.yaml → Chart.yaml
View File

@ -4,10 +4,12 @@ description: A Helm chart for your management ArgoCD of your management ArgoCD
type: application
version: 0.1.0
appVersion: &argoVersion |-
5.29.1
appVersion: 0.1.0
dependencies:
- name: argo-cd
version: *argoVersion
version: "5.29.1"
repository: "https://argoproj.github.io/argo-helm"
- name: argocd-apps
version: 0.0.9
repository: "https://argoproj.github.io/argo-helm"

72
README.md
View File

@ -1,72 +0,0 @@
# `argo1`
#### A different opinionated opinion on how to bootstrap your ArgoCD
This repo is a basic skeleton for managing your apps with ArgoCD.
It uses helm to bootstrap and maintain the ArgoCD installation. You may
then add additional applications in argo1/templates either as helm charts
or as directories which should live alongside `argo1`.
## Setup your own Argo1
1. Clone this repo as a template
2. If you will be using a private repo, configure a secret similar to secret.yaml
* You might also wish to use sealed secrets (via kubeseal).
* Check `secrets/` for more info on secrets and git repos.
3. update `argo1/values.yaml`
* At the very least, you will need to update the bootstrap.source.repoURL to
point to your clone -- this URL must match the prefix of the secret from
step 2, as well.
* You may configure the argo-cd helm template via the argo-cd map in values.yaml.
A basic example is available in the default values.yaml file which suppresses
installing the CRDs (which are instead installed via install-crds.sh)
4. PUSH YOUR CHANGES
* This step is super important. You _must_ push your changes to the repo
configured in step 3. If not, the status will remain Unknown as the bootstrap
will never be possible.
4. Install
```bash
bash install.sh
```
5. all done!
## App of Apps pattern
This is already an app of apps.
Add additional applications to `templates/`. These may reference Values or
they may be verbatim manifests (be careful of any `{{}}` in your manifests
though!)
Do not modify (or be careful with) `self.yaml` which is the application which
references this repo to enable self-management.
## Uninstalling
```bash
bash uninstall.sh
```
## Adding an application
An application is added to `argo1/templates` similarly to `sealed-secrets.yaml` for
a helm chart or similarly to `secrets.yaml` for a project colocated in this repo.
Steps for adding an application:
- if helm chart, copy `argo1/templates/sealed-secrets.yaml` to a new file in the same folder
- if local manifests, copy `argo1/templates/secrets.yaml` to a new file in the same folder
- update the new file. at least the following will change:
- the key in `.Values` on line 1
- `metadata.name`
- `spec.source`
Applications which affect how secrets are loaded for Git repos must update the following
pre-bootstrap files:
- `argo1/install-crds.sh`
- `argo1/delete-crds.sh`
- `install.sh`
- `uninstall.sh`
[argo-crds]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/

6
argo1/Chart.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 5.29.1
digest: sha256:bc009287f8e46edcddb1d36d4e6865080d92e97b6572ae2fd4d553d5e41cd2a2
generated: "2023-04-23T21:03:44.445603-05:00"

54
argo1/delete-crds.sh
View File

@ -1,54 +0,0 @@
#!/bin/bash
MAINDIR="$(dirname "$0")"
cd "$MAINDIR"
application_chart_info() {
F="$1"
yq -o json . "$F" | jq -r '
.spec.source
| (
@sh "CHART=\(.chart)",
@sh "VERSION=\(.targetRevision)",
@sh "REPO=\(.repoURL)"
)
'
}
dependency_chart_info() {
F="${1:-"$MAINDIR"/Chart.yaml}"
DEP="${2:-0}"
yq -o json . "$F" | jq -r --argjson d "$DEP" '
.dependencies[$d]
| (
@sh "CHART=\(.name)",
@sh "VERSION=\(.version)",
@sh "REPO=\(.repository)"
)
'
}
(
set -e
eval "$(dependency_chart_info)"
set -x
helm template argocd-crds --include-crds "$CHART" --repo "$REPO" --version "$VERSION" | yq 'select(.kind == "CustomResourceDefinition")' | kubectl delete -f -
)
RC=$?
if [ $RC -ne 0 ];then
1>&2 echo "error deleting ArgoCD CRDs"
fi
(
set -e
eval "$(application_chart_info templates/sealed-secrets.yaml)"
set -x
helm template sealed-secrets-crds --include-crds "$CHART" --repo "$REPO" --version "$VERSION" | yq 'select(.kind == "CustomResourceDefinition")' | kubectl delete -f -
)
RC=$?
if [ $RC -ne 0 ];then
1>&2 echo "error deleting Sealed Secrets CRDs"
fi

56
argo1/install-crds.sh
View File

@ -1,56 +0,0 @@
#!/bin/bash
MAINDIR="$(dirname "$0")"
cd "$MAINDIR"
application_chart_info() {
F="$1"
yq -o json . "$F" | jq -r '
.spec.source
| (
@sh "CHART=\(.chart)",
@sh "VERSION=\(.targetRevision)",
@sh "REPO=\(.repoURL)"
)
'
}
dependency_chart_info() {
F="${1:-"$MAINDIR"/Chart.yaml}"
DEP="${2:-0}"
yq -o json . "$F" | jq -r --argjson d "$DEP" '
.dependencies[$d]
| (
@sh "CHART=\(.name)",
@sh "VERSION=\(.version)",
@sh "REPO=\(.repository)"
)
'
}
(
set -e
eval "$(dependency_chart_info)"
set -x
helm template argocd-crds --include-crds "$CHART" --repo "$REPO" --version "$VERSION" | yq 'select(.kind == "CustomResourceDefinition")' | kubectl apply -f -
)
RC=$?
if [ $RC -ne 0 ];then
1>&2 echo "exiting due to error creating ArgoCD CRDs"
exit $RC
fi
(
set -e
eval "$(application_chart_info templates/sealed-secrets.yaml)"
set -x
helm template sealed-secrets-crds --include-crds "$CHART" --repo "$REPO" --version "$VERSION" | yq 'select(.kind == "CustomResourceDefinition")' | kubectl apply -f -
)
RC=$?
if [ $RC -ne 0 ];then
1>&2 echo "exiting due to error creating Sealed Secrets CRDs"
exit $RC
fi

35
argo1/templates/haproxy-ingress.yaml
View File

@ -1,35 +0,0 @@
# {{ if (index .Values "haproxy-ingress").enabled }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ .Release.Name }}-haproxy-ingress"
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
chart: haproxy-ingress
repoURL: https://haproxy-ingress.github.io/charts
targetRevision: 0.14.2
helm:
values: |-
{{ (index .Values "haproxy-ingress").values | nindent 8 }}
releaseName: haproxy-ingress
destination:
server: "https://kubernetes.default.svc"
namespace: haproxy-ingress
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 10
backoff:
duration: 5s
factor: 2
maxDuration: 3m0s
# {{- end }}

33
argo1/templates/sealed-secrets.yaml
View File

@ -1,33 +0,0 @@
# {{ if (index .Values "sealed-secrets").enabled }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ .Release.Name }}-sealed-secrets"
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
chart: sealed-secrets
repoURL: https://bitnami-labs.github.io/sealed-secrets
targetRevision: 2.7.4
helm:
releaseName: "sealed-secrets-controller" # required for kubeseal to work ezpz
destination:
server: "https://kubernetes.default.svc"
namespace: kube-system
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 10
backoff:
duration: 5s
factor: 2
maxDuration: 3m0s
# {{- end }}

33
argo1/templates/secrets.yaml
View File

@ -1,33 +0,0 @@
# {{ if (index .Values "secrets").enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ .Release.Name }}-secrets
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
path: secrets
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
directory:
recurse: true
include: '*.yaml'
destination:
server: "https://kubernetes.default.svc"
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 10
backoff:
duration: 5s
factor: 2
maxDuration: 3m0s
# {{- end }}

30
argo1/templates/self.yaml
View File

@ -1,30 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ .Release.Name }}"
namespace: "{{ .Release.Namespace }}"
# DO NOT place the resource finalizer here. Since this is ArgoCD itself, it
# will never be able to finalize itself since it will have to delete itself
# before removing the finalizer.
spec:
project: default
source:
repoURL: "{{.Values.bootstrap.source.repoURL}}"
targetRevision: "{{.Values.bootstrap.source.targetRevision}}"
path: argo1
destination:
namespace: "{{ .Release.Namespace }}"
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 10
backoff:
duration: 5s
factor: 2
maxDuration: 3m0s

42
argo1/templates/vault-agent-injector.yaml
View File

@ -1,42 +0,0 @@
# {{ if (index .Values "vault-agent-injector").enabled }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ .Release.Name }}-vault-agent-injector"
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
chart: "vault"
repoURL: "https://helm.releases.hashicorp.com"
targetRevision: "0.23.0"
helm:
values: |-
{{ (index .Values "vault-agent-injector").values | nindent 8 }}
# the next line preserves the release name.
# this is optional but recommended for singleton services.
releaseName: "vault-agent-injector"
destination:
server: "https://kubernetes.default.svc"
namespace: "vault-auth"
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 10
backoff:
duration: 5s
factor: 2
maxDuration: 3m0s
ignoreDifferences:
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
jqPathExpressions:
- '.webhooks[].clientConfig.caBundle'
# {{- end }}

26
argo1/values.yaml
View File

@ -1,26 +0,0 @@
bootstrap:
source:
repoURL: "https://set.to.your.fork/of/this"
targetRevision: "main"
secrets: {enabled: true}
sealed-secrets: {enabled: true}
haproxy-ingress:
enabled: false
values: |
# values.yaml contents here
argo-cd:
crds:
install: false
configs:
params:
"server.insecure": "true"
vault-agent-injector:
enabled: true
values: |
global:
# disable global vault because we're only using this as an agent injector
enabled: false

19
blah.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: concourse
namespace: argocd
spec:
project: default
source:
repoURL: 'https://concourse-charts.storage.googleapis.com/'
targetRevision: 17.1.1
helm:
values: |-
clusterName: Concourse
secrets:
create: true
chart: concourse
destination:
namespace: concourse
name: in-cluster

BIN
charts/argo-cd-5.29.1.tgz Normal file
View File

Binary file not shown.

BIN
charts/argocd-apps-0.0.9.tgz Normal file
View File

Binary file not shown.

20
deploy.sh Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
cd "$(dirname "$0")"
TARGETNS="$(yq -r .spec.destination.namespace application.yaml)"
ORIGNS="$(kubectl config view --minify -o jsonpath='{..namespace}')"
(
set -e
jq -n --args '{"apiVersion":"v1","kind":"Namespace","metadata":{"name": $ARGS.positional[0]}}' "$TARGETNS" | kubectl apply -f -
[ x"$TARGETNS" != x"$ORIGNS" ] && kubectl config set-context --current --namespace argocd
helm upgrade -i --create-namespace -n argocd argocd argo/argo-cd #-f values.yaml
kubectl wait -n argocd deploy/argocd-server --for=condition=available
kubectl apply -f application.yaml
#
argocd --core app sync argocd
)
[ x"$TARGETNS" != x"$ORIGNS" ] && kubectl config set-context --current --namespace "$ORIGNS"

15
install-crds.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
cd "$(dirname "$0")"
(
set -e
eval "$(yq -o json . Chart.yaml | jq -r '.dependencies[0] | @sh "CHART=\(.name)\nVERSION=\(.version)\nREPO=\(.repository)"')"
helm template argocd-crds "$CHART" --repo "$REPO" --version "$VERSION" | yq 'select(.kind == "CustomResourceDefinition")' | kubectl apply -f -
)
RC=$?
if [ $RC -ne 0 ];then
1>&2 echo "exiting due to error"
exit $RC
fi

25
install.sh
View File

@ -1,25 +0,0 @@
#!/bin/bash
cd "$(dirname "$0")/argo1"
TARGETNS="argocd"
ORIGNS="$(kubectl config view --minify -o jsonpath='{..namespace}')"
(
set -e
1>&2 echo "creating namespace if it doesn't exist"
jq -n --args '{"apiVersion":"v1","kind":"Namespace","metadata":{"name": $ARGS.positional[0]}}' "$TARGETNS" | kubectl apply -f -
[ x"$TARGETNS" != x"$ORIGNS" ] && kubectl config set-context --current --namespace $TARGETNS
helm dependency build
bash install-crds.sh
helm install -n "$TARGETNS" argo1 .
kubectl apply -f ../secrets
kubectl wait -n $TARGETNS deploy/argo1-argocd-server --for=condition=available
until argocd --core app sync argo1-sealed-secrets;do sleep 1;done
until argocd --core app sync argo1-secrets;do sleep 1;done
until argocd --core app sync argo1;do sleep 1;done
)
[ x"$TARGETNS" != x"$ORIGNS" ] && kubectl config set-context --current --namespace "$ORIGNS"

62
poop/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "argo1.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo1.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo1.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "argo1.labels" -}}
helm.sh/chart: {{ include "argo1.chart" . }}
{{ include "argo1.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo1.selectorLabels" -}}
app.kubernetes.io/name: {{ include "argo1.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "argo1.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "argo1.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

18
poop/argocd.yaml Normal file
View File

@ -0,0 +1,18 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ .Release.Name }}"
namespace: "{{ .Release.Namespace }}"
spec:
project: default
source:
repoURL: "{{ .Chart.dependencies[0].repository }}"
targetRevision: "{{ .Chart.dependencies[0].version }}"
chart: "{{ .Chart.dependencies[0].name }}"
helm:
values: |
{{ .Values.argocd.values | nindent 12 }}
destination:
namespace: "{{ .Values.argocd.namespace }}"
name: in-cluster

18
secrets/README.md
View File

@ -1,18 +0,0 @@
Secrets.
Any manifests in this folder ending in .yaml will be installed.
It is recommended that SealedSecrets or similar are used to
avoid directly including secrets in your Git repo.
For example, the sample secret may be modified and then sealed.
```bash
cp git-creds-plain.yaml.sample git-creds-plain.yaml
vi git-creds-plain.yaml
kubeseal -o yaml < git-creds-plain.yaml > git-creds.yaml
rm git-creds-plain.yaml
git add git-creds.yaml
git commit -m 'add git-creds sealed secret'
git push
```

22
secrets/sealed-secret.yaml
View File

@ -1,22 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: local-git-token
namespace: argocd
spec:
encryptedData:
password: AgAlNckjIJjOhBKYA54pngBa50DagQ6BtT0I9vvjyhbwBV62efdfnIrRcPSUzrXzSnCMrJPFCYyGZQwHCe7+MurVLPX+i94bBDFjZlGwP7kokaMQjTi4122nWbM0y9AGrYQUtDV3KodRdUkhRP8aAuhqtbzOjqSKB96xHc9EzUKupwrhs7iymbY50d5b7FVxvCBWL0ZzctIwlZU7o2OQ46ImmrAo/0Hn1ueI2wsuhSjg4a4xsh1GipVsRWTCuLO5Ot0eDOgEqQEhTQji5+uwOy4iCuYnj+UHlNodClGsn9MsRv4dIZhCt8kapKKTv4PdQNKSq9JjefgPjyXJs7Za5xTOj07KSsOHdrOQOBNzbf2piaKiGt3p1e8/NhdhB4ODpxbW973y/2ErR4xcf+hpCKQ8CqffNIYEvcRs+NcZAq0afaHQymWTjzqRgYjtceDp8gNIUbQxD5WRlbvaxRwgDWfe4aSrp/cRw7JbwkcOEQGfjGNJr15PmYO7jT8yb8ZJNavUG9KK4tCio8j2nCC7OZECewWr1vj/FLquYvD6AYeKMHKgfL2eRdxcqTwbXIoWXAP6JeWF1oN97xN0TANPljf+Pyt89D73BHMDVuQ1Ei2528y7JZy6xir7C3PoDRBBbSX0imMmHFCngSwtbGYMKdRfbxJ7rG+aamYGo6LUfqArrpnXDGPe4ti/FIp/fUKjYs7azT1f+Ntwfg==
project: AgCaMGRFcW9LaVW8M5dLLwpEGEAnbwXgHZzBWkgkc804rL9lKNuu6L40l0QmZizziEf14u3MdVh5VecHo9julJgMQNaArWIwOLRGR3vcETcYdYHjMmQwUT+TO7GwY7xJZCAxEKMoQrM74ha+wgT2uWMn0uEOFTkobTQfnWLoTlXZcspIWFcTNhdgZeJKAqZMKIt7yE1CF0AjMy+7XWDAGHOByyWllpZSHp2wh78fuaK0tLGzY50+NmwE44cft6lATSh5a/Ko1UL+1uCDeMRvrs2cR5+1Zh9MNWbXHKCggyM81vojf831p58dfJ3yPzXJTWLADZ/k2o3liWvY43W5mp/C4my9wUYR9JRXFsByvbvtu+7vvdhFV2YLEPErKvJAVv66R/r+6u3YQTAAtz8iAHaxLtEn9Tj91b+iBeCqZnnChqfRF4Ts2XZvSmwH6O1V8k6Lv1s9ULYN7lDesvO0W4vbkO01P72vaPgjWYgDLkxeWrnEx5jQM9jPs29U9NaCiiWxnHxReGN87WklCA0Gsb5eyXmbXoh50qICx26Cf2TUqbrVGyMPT0pEJdavXpX7mgQDohP9iAy9ALGFicUmZ8gDH9DeadtqkHT8UgGWWoAGroTMulRCWK1v+plVfRJkfrtw3AXmWTegkNFYX8lYjyAHJokMOEpF4OjL1By2XngfwAnd2eAiSWtU1cPL1Jjv2NCYDR5ZlHXu
type: AgBWOyU8137TFCt3kJC2WJV3gXlBQEirknbHVmS3IDcxwmyhuIxZh5NeLbDfc7Ip9OEtGQFViBD523gUzr3qJRZBE0IAWplF98+NwRopT3jVjxRCt8H6yF8+/3EiagUBe/9WM/eb5+S428KMDT7eDn9PiB6pEjoduxD5w/l+QDBUQQOoejc98bzxjC8ml8EpkaMS4H4yiO7JAlW2QYFRyF1fFaopoEdwyIEkPJ5Br/TXDOtdJeCEIhUhNKE+wQmNZc7MBJKWiqGyb54HzdsAndmF2PQs1FZ+sUCn0xJtu1pP8WTpcKGm4VpHPASlDNQgpuNFBvkYRGe+MErAmqyrAs0E5VU3R0qoIkmbhuvXY+gOploJ2YljG5gqLUx8DtECoSmkrF92oQZx61Yf4duvE/mEciWcDRThzUXwrG8A+qj8B/JxomoEQB4xu/l3WgNBOPMonF77b2dpTckBfH9VH70QKygbMTGAj7zl/sZDavPMZq37SCqNTmRhcDBs1qt3wtv8sUy6F4RUmr6XZsOtePxGg+WYijeHpXXeQSu7oASiZgUcNnjIPFPLc64IXoUv3s4a/QiSGRCgz8uUqws6QSu+TggY4P7f8VBOrJATv4jbOc++XGgWe0o/+b9oQACn5qPrdCkR4hiGd5wZ1BQXVINK5FMXCJq3l4kIjxDdKC6TjfG4vhi2VLld5eAz6f9cNphrocM=
url: AgAk92yrw8BJX0rVsCkZOEz3PhkLMoNhKBOXEAGqlcH+AESKIKUH152fMcfFKNj3DBrOEaNGXM+HiM1DLCd+e4A46ytx/aqSF4uEno2853wLlHjlLQlqfSWdkMYwosSV11Y9MuMGhGTMyCB/u10QUIycUjBs/gZEHDrJV/ObJYtw1pIlMadeKG5nomYYoOiMArdKZ1EXqv010imTItAhrW+Xn4h7/GftCEm2vWPbCdTbFBNIirif2DIAge7kTM3NeLzeLdAqf+tM7+A2Ekw7lU6+bnuVGGNWzEbQI/e4soSGYATQqVdhRPD/UFRJJrmp6IFZ2ymgqKr7t7EbTJ8UKr+GiMP2Gy/9ihBe3cDiQuVEfj791yHMSfChkIQ4vDYzJjMueYJE5pAz04y6QMbqgDxfVaQlx1B2XTP2ma3W+9bMB8vrDCuqK5iWtfM1jSmLVnM10KCsxcQAraE6C8jOArpkUqMPzsCmIfAudEe8FUxv56EeOP0MVT7sHLDKjklxqfgFCzzeqpGAZOP+k8zLT89vXlqbgeUWl3VmXMRqheDmhS6v8YiwJhkusvEdMeC8GOukvXM5limKC/+SZDIUNLlf0wct8/ymi0nkkmcGsfI2Jl7M5ZyOrjjXfvMLeNhc/vE+atXeKIXy8NLoDM0UwjyvMiO2mOpx3ZUwu2M5ff2i9n3rpxevYTh+fpOLWz2CXpLkMzvIm8wIgOow/4mWWYuY1Oqg
username: AgCIo+y2uwCJVEfnLl8wwTKLyw10rMfpJExCHcXq7dBlYWit2tG/uBQr6SM0jqlRINoe0jSNcaVUuzdRZWjvRwW7fwRonz2rjFih9wdmCXYhSc5K4qF5FeB8mO7tmOW+CzILUviZfqnqTyYLzd66BV2etCusuGHPBGomOYsaELYLMzQmpKPLt7an4PP8dUAM09aCeKe0KkTwQcgCkNRKBPRysg1mXnulCpGgWdUDGsj5QCM3byp2+l45g+/RDvELZgnkRjzVNNnXK9AI4Xy3vekDMoNEuFX3A+YWoBwI6LRSRWFOy5hi6w596PrvCq/O4FEomIsFqk9jkBY7dEVXsUX6JKVpIxkwtlKSChO3rt558YGipamt1csNKstM7frgtkzfXoNB7jQiKzHULeimtZnUOSjI8TaboeBKKKLHfrlbIWrJBHD1xJ3kuYCM/O7dpHM5aGBOwPSbjc72ur9Lso/uDs/ZvibsYkuaIBnP+Y8rj+t2d6cFe8//W4zcC90L+0Gnxn1/rLyuAp+B92bb13yq7sY50la2zu7zmvsL41/V4NYErgAUMciT2bSZMvSNh6wtx2IhCyJJSByDbsUMth7ixzfbuK8bgIeoyS3L3V17pB90YI9ttGNLmZ5zJLXzIhejD817EpnrIXHBQqjl0fNpxRgwJw2rmAH8fkKxSbsdT+hX3BORI/LUmFMuXuWhsarwbjTXmVHUV5qvbX0=
template:
metadata:
creationTimestamp: null
labels:
argocd.argoproj.io/secret-type: repo-creds
name: local-git-token
namespace: argocd
type: Opaque

14
secrets/secret.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
stringData:
password: password
project: default
type: git
url: https://github.com/
username: bobtedsmithy
kind: Secret
metadata:
labels:
argocd.argoproj.io/secret-type: repo-creds
name: local-git-token
namespace: argocd
type: Opaque

34
uninstall.sh
View File

@ -1,34 +0,0 @@
#!/bin/bash
cd "$(dirname "$0")/argo1"
TARGETNS="argocd"
ORIGNS="$(kubectl config view --minify -o jsonpath='{..namespace}')"
all_subapps() {
(
for f in templates/*.yaml;do
sed -e '1!d' "$f"
done
) \
| grep -Eo '^#? *[{][{](- )? *if [(]index [.]Values "[^"]*"[)][.]enabled *( -)?[}][}]' \
| cut -d '"' -f 2
}
(
set -e
[ x"$TARGETNS" != x"$ORIGNS" ] && kubectl config set-context --current --namespace $TARGETNS
(
IFS=$'\n'
for app in $(all_subapps);do
argocd --core app set argo1 --helm-set "$app".enabled=false
done
)
sleep 10
argocd --core app wait --sync argo1
helm uninstall -n "$TARGETNS" argo1
bash delete-crds.sh
)
[ x"$TARGETNS" != x"$ORIGNS" ] && kubectl config set-context --current --namespace "$ORIGNS"

38
values.yaml Normal file
View File

@ -0,0 +1,38 @@
argo-cd:
crds:
install: false
configs:
params:
"server.insecure": "true"
controller:
replicas: 2
server:
ingress:
enabled: true
hosts: &hhosts
- argocd.strudelline.net
tls:
- hosts: *hhosts
secretName: wildcard-tls
ingressGrpc:
enabled: true
hosts: &ghosts
- grpc-argocd.strudelline.net
tls:
- hosts: *ghosts
secretName: wildcard-tls
argocd-apps:
applications:
- name: argo1
namespace: argocd
project: default
destination:
server: https://kubernetes.default.svc
namespace: argocd
source:
repoURL: https://git.strudelline.net/infra/repo1
targetRevision: HEAD
path: .