wip

2023-04-23 14:24:00 -05:00 · 2023-04-23 14:24:00 -05:00 · af2b996a46
commit af2b996a46
parent a466ef1410
11 changed files with 142 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,60 @@
+# `argo1`
+
+### A different opinionated opinion on how to bootstrap your ArgoCD
+
+This repo is a basic skeleton for managing your apps with ArgoCD.
+
+It uses helm to bootstrap and maintain the ArgoCD installation.  You may
+then add additional applications in argo1/templates either as helm charts
+or as directories which should live alongside `argo1`.
+
+## Setup your own Argo1
+
+1. Clone this repo as a template
+2. If you will be using a private repo, configure a secret similar to secret.yaml
+  1. You might also wish to use sealed secrets (via kubeseal).
+3. Install CRDs
+
+  *Preferred:*
+  ```bash
+  bash ./install-crds.sh
+  ```
+
+  This runs helm template but filters only the CRDs and installs them.  This is
+  preferred to installing from tip of argocd since this helm template method
+  will ensure the correct versions of CRDs are installed.
+
+  *Alternative:*
+  A suggested command to install via kubectl from [the ArgoCD docs][argo-crds]:
+
+  ```bash
+  kubectl apply -k https://github.com/argoproj/argo-cd/manifests/crds\?ref\=stable
+  ```
+
+3. update values.yaml
+  * At the very least, you will need to update the bootstrap.source.repoURL to
+    point to your clone -- this URL must match the prefix of the secret from
+    step 2.
+  * You may configure the argo-cd helm template via the argo-cd map in values.yaml.
+    A basic example is available in the default values.yaml file which suppresses
+    installing the CRDs (which are instead installed via install-crds.sh)
+  
+4. Install
+   ```bash
+   helm install --dependency-update argo1 .
+   ```
+5. all done!
+
+## App of Apps pattern
+
+This is already an app of apps.
+
+Add additional applications to `templates/`.  These may reference Values or
+they may be verbatim manifests (be careful of any `{{}}` in your manifests
+though!)
+
+Do not modify (or be careful with) `1-self.yaml` which is the application which
+references this repo to enable self-management.
+
+
+[argo-crds]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/
--- a/argo1/.values.yaml.swp
+++ b/argo1/.values.yaml.swp
--- a/argo1/README.md
+++ b/argo1/README.md
--- a/argo1/charts/argo-cd-5.29.1.tgz
+++ b/argo1/charts/argo-cd-5.29.1.tgz
--- a/argo1/secrets-local.yaml
+++ b/argo1/secrets-local.yaml
@ -2,15 +2,13 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: local-git-token
+  name: argocd-git-repo-creds
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repo-creds
 stringData:
  type: git
-  url: https://git.strudelline.net/
+  url: https://github.com/
  project: default
-  password: 96dee6522bd52b6ae29b64d250a7d0781ac8cc6a
-  username: james
-  project: default
-
+  password: abcd1234xyzqrstffffffffffffff
+  username: bobsmithtedothy
--- a/argo1/secrets-sealed.json
+++ b/argo1/secrets-sealed.json
@ -0,0 +1,28 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "local-git-token",
+    "namespace": "argocd",
+    "creationTimestamp": null
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "local-git-token",
+        "namespace": "argocd",
+        "creationTimestamp": null,
+        "labels": {
+          "argocd.argoproj.io/secret-type": "repo-creds"
+        }
+      }
+    },
+    "encryptedData": {
+      "password": "AgCrPpaueeC98AAO4vUUFacf3nxHvm6Cwb3BGNggNJPOPRAWfnBnQlgSNXjpxcb/ugVl/CUzyl7nE58hvL7kgE84OTUNlNV1QNPQht+7GNhbOAUpujnMEouoTdhAL20dJ87zAxI1bK36eyXw9z21q0EaclSivr9Xzy/XPeozEtZA0mE5Ie7imNzvicVegt+7F2VGWHA6ZbhrLzQ3PW+YJ0iqkyiGW2G0RTgzcMHcbrAIs/7yPakzDdMi30mP3Esnd2RyThJtTNv+4sqjbf1WJlz2kJ2jep+B+n7Q/wlJ/pzSOhYZE50NjCnxtUpXa0sDpPYgAu/i4ZDL3rjsD7YbI0HHa3eMc+RFvqWuN3LR2t0d83ETGPCYZmuRcV2rZ0VCL9FG3KmlaSCm/5Td8rU1bEuc+IPqFKgrrr4srhOzjC6yZtqdmqD/X+1uprXM1nLs0/xFELVI9BHZhsVq2BWm4v0469Ks+URVa3gYjl7w37PfEQR5MJyhbzxXdHisNyjHVWWWWWgSdgZPwT7Ga2tJ/05So/KPjrejmI9368Brj5Ijre2xVNSUTSvuEMmJ/4J50f9uQ2x/kYnPgi6W13kZ6Ij2mOmkGStFSNQ1cEYfvHbF/Ac3K+nkRG4q8VMOwWXjLArLdAkYRm6KrNom24HZKjACeM9cg8t7O3ka/rtEtVGNonV+dAO1vgPBQiRe426n3G96e45SyczeYOyiQXM+EK+056s1THno82S1GsOKd30zZTFwYc+rBL8s",
+      "project": "AgBgc4SimGITdak1irksspEwZQVOTfr2alI3vI6G7HKyGkZndKefQu2q8y11u5+JyMpTYXjkNDeyAr+h46yxer8DGmTG/Te5nm+OyeqZSB2JoMnTxzNQcesmgk7rIC/UkIOYMjYWGUc/ZtEdcObGlluYPeY3JzOeH47E50T3TfbR4AbXcxzsNbQpPrxEeQEtLtcQYSVK7/Si93ot+0062mjtU8+QtJkuVwAZSFPsknsUDHwwB0/dGyjPNGSDxCQhG78GHvWOGaWZJJovRpEUz5ehJ5v78t69nUw10Xcb3MTGJZQVLBNfMv64YmYR3VHsXRCtR4LQEUvYyax3706U7Q7MX7pgpfQsKINrpVpJAZNn02b/ejPSmMCpHrm+ePmhsS0Om5kWC1rOB5BVFnD0Ocn7/22jbOAx9Tix6e4Jaw8zgTYG9TGkIRRjQGzmzzjES+8v2J6OHK+I4AI3QamnDm+0lvMIvwp+a9ifSR6Mr/35EU1uqHdZlPoOUkLV10EseWwL/b4PPQ88K7fM18ijk2atPNJ95nqsgHoXi05DGQBF1iz0tF1F4Dp9VYDbY/cGMJGJKu6+4UJ7CqssKXNmz1X1ks8VJAymM73D9kG/LybM8XXCjP6vK6Nkd9AsrukZk/o/ZzTFsN7bHgrM+INvgqsD/cSAx7Zq2LmFHA0P43OnaJqvoWZpkho1faOEQf6XUucMBhnbMppu",
+      "type": "AgCJqmj46leRcOtPPq8j2jGreNiSnipk8ak8Fh6Evpq6o8/Q29yDSa/w3L5iZ0ilpL4xuZqIk4UJD1HZ1z9rDFzGTxP8wY9tlZJy0qdT9apOgnQVGw+J1xMc/AreXM7nNZ39Wvi3QvuRqNbA7oRA2a9fGbKBTalJyUkgP5LvOSlpd0t/p5hPWn4K+4PB9JoeonT/kvGF8Z1iyfN4f5Dsm+LR8BKBgGdiI2ztx/q3zdpSnEvg0an5enPjU0e+44S9FcS4zM/vx+W7nkB+KgM5vi+Dy82K34oRV8Ux0W7bsn5L1aH2KsDwUU6+x75oZ1NhAC2WWRB/wVadhSXLDmA0ZL10abJqVM8ixdYuOQqgJyZdJSOZs9NVlVbzWOB/Y5nJbdLyOofoxu0jLsMPmZcj1CDa/0TkIrgbDsEbtrEZLCyyoB1kfNn5pWjVkGdr80OQLLh6BEpd7lMpdyuRWMCeGnJA7N5wX6nXR7TbMNfBCLTa3PiaHom8MiNbbrBOXxtjvpt0tGbSNtcXVMdqiiR+AmJ5LAPOA/DvJNNAakkp/72mpDg48bS9+te13AY5e6zWSzwelwCGF6VgHWSJ59N3FWJWYyBI9v4w83OtL4phhMe9kebpIDt89yG0sm7cwiRjW7B5KnImVe51pBT3xzow50H1SsX7sEfxDCSJqAL888USQ2MvMNcvc3lGd9DS97EDN2y2Z1o=",
+      "url": "AgBeMXNzB5eT5gZHbf2ZZWBeBSHqdm2mb3WezMAA/9qHE8epYYC9oC21gOjfq4AapWrbaBd0I+ScciEIvIZ6pr5Lwk4yVSpShSgYnCW+iS53EPp2YfcHoc5T4a3Si7sSvbpEbNTSY56Q4tL9vTyfKVUk3iVdQxiUgK3aKN1QZky8XS6/Z7yF03PuwymN40PkdmivSgn9Qy8VSOLhw7Uw3RGprcDyJ2IjUNbosyUxW8ifT1Tune4BUmKfyOrOBDEe4kAw8XWM5C/0E7z3qMVDOl7Uu2qR3NbcAwX3FF7UD4YWCD3g7j22F6WjJCtImRNHygkCHy2Xv15QlBptJtSNYwWkwSQS7BXPlikQOqtu9QQAo7BJ2RCy9bsEAciIBWYfqDa69dmL1hYCq/kBnutQleaLbZPVDXFRxZAdSOewGYq1Xd3hpN0GPbOsOmMTRQQmBQBLwuqA7kF6lbWLqyfKngQllKc7aUYRiCK1ce6HLqPLaH3hUoztPdKUQD2K1G1+2+RztxgF3vlUlo7twSqh5IbGnifZBDHEnnjC6iAz4Y61qdLCdBnR81JtfFGi8W/Ar/K/B9NnTdIPqTLUF056pLaPC17OmeiaQJ9o172nSU928wMXybvMj3hRvgagHtADFaPcG6u5lHggMY9d9x76UouWlhqMs/WczsKgadOWAL3P7DX48d1mX5Bx1jtKzu7WE97XrhsVqKBEl/GuyH01tSQwm+AzIvsmChrV46JZ",
+      "username": "AgCzvfwyKtys4rAj1UVt0Hrgb3BAl9woA46eoAeo2EdtTnlPuvrVpenBQ+GkoLeGHN/sbuyK1GUKktRBjj9Y9OlziJBwT93EYryS0Ro3WiCbeal7oCXzyWDL2zEXpkrwmi9gBYZWw+yTTGtmHdtoRgnv/3QypmLRTJHtUnv+wwfzF2YR5LwOS5guGTPQBsVUBLC0roEI5PawIIPJlHQMWjijZbcekUjzVE3Kr85xPCyyZ3qEymvJH4jAzC22uDYU5riv8+g1UBABDKPRZFt5mMFM5NoJa2BsOqqp3I/URAOdLbfX7z50MktbJLITooEU7k8SbmDH3tewbsPCDzlmRePd945wKQPWUJaplqIwpszlB2+iVo3qPjb31/yMhrkZFmXXJIACYJij8kDrfESEbL/ObsynAMByN3UivCNnks03aouOhoCSn88Aiz4cvhm7w/U5ADdPMFQv01+HsPeKOy+nXMxii+phAmaLMpEb4E8k+it2aGg4SWRTCuefST5Sy9i94+UVKldUHbAus8pVaEHgKO6Tfx+psXe+Y2wQSk75HYU9LvBbNQzaeGIJ67RLU439LjB2WAyXglJEr8rH5DndZHpmG9fy0xh41uYBkXSgoVYkGcqi63LEHEhcw0BlkLvhvIwom96kKyT3VrAnSwgaryBUf5E7twJ3taBq6wU6lcSmTDCQMiX1wyTkWB7y5Prb6tmNSw=="
+    }
+  }
+}
--- a/argo1/templates/1-self.yaml
+++ b/argo1/templates/1-self.yaml
@ -7,7 +7,9 @@ metadata:
 spec:
  project: default
  source:
-{{ .Values.bootstrap.source | toYaml | nindent 4 }}
+    repoURL: "{{.Values.bootstrap.source.repoURL}}"
+    targetRevision: "{{.Values.bootstrap.source.targetRevision}}"
+    path: argo1
  destination:
    namespace: "{{ .Release.Namespace }}"
    name: in-cluster
--- a/argo1/templates/sealed-secrets.yaml
+++ b/argo1/templates/sealed-secrets.yaml
@ -0,0 +1,19 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: "{{ .Release.Name }}-sealed-secrets"
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  project: default
+  source:
+    repoURL: "{{ .Values.bootstrap.source.repoURL }}"
+    targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
+    path: sealed-secrets
+  destination:
+    namespace: kube-system
+    name: in-cluster
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
--- a/argo1/templates/secrets-sealed.yaml
+++ b/argo1/templates/secrets-sealed.yaml
@ -0,0 +1,20 @@
+kind: SealedSecret
+apiVersion: bitnami.com/v1alpha1
+metadata:
+  name: local-git-token
+  namespace: argocd
+  creationTimestamp: null
+spec:
+  template:
+    metadata:
+      name: local-git-token
+      namespace: argocd
+      creationTimestamp: null
+      labels:
+        argocd.argoproj.io/secret-type: repo-creds
+  encryptedData:
+    password: AgCrPpaueeC98AAO4vUUFacf3nxHvm6Cwb3BGNggNJPOPRAWfnBnQlgSNXjpxcb/ugVl/CUzyl7nE58hvL7kgE84OTUNlNV1QNPQht+7GNhbOAUpujnMEouoTdhAL20dJ87zAxI1bK36eyXw9z21q0EaclSivr9Xzy/XPeozEtZA0mE5Ie7imNzvicVegt+7F2VGWHA6ZbhrLzQ3PW+YJ0iqkyiGW2G0RTgzcMHcbrAIs/7yPakzDdMi30mP3Esnd2RyThJtTNv+4sqjbf1WJlz2kJ2jep+B+n7Q/wlJ/pzSOhYZE50NjCnxtUpXa0sDpPYgAu/i4ZDL3rjsD7YbI0HHa3eMc+RFvqWuN3LR2t0d83ETGPCYZmuRcV2rZ0VCL9FG3KmlaSCm/5Td8rU1bEuc+IPqFKgrrr4srhOzjC6yZtqdmqD/X+1uprXM1nLs0/xFELVI9BHZhsVq2BWm4v0469Ks+URVa3gYjl7w37PfEQR5MJyhbzxXdHisNyjHVWWWWWgSdgZPwT7Ga2tJ/05So/KPjrejmI9368Brj5Ijre2xVNSUTSvuEMmJ/4J50f9uQ2x/kYnPgi6W13kZ6Ij2mOmkGStFSNQ1cEYfvHbF/Ac3K+nkRG4q8VMOwWXjLArLdAkYRm6KrNom24HZKjACeM9cg8t7O3ka/rtEtVGNonV+dAO1vgPBQiRe426n3G96e45SyczeYOyiQXM+EK+056s1THno82S1GsOKd30zZTFwYc+rBL8s
+    project: AgBgc4SimGITdak1irksspEwZQVOTfr2alI3vI6G7HKyGkZndKefQu2q8y11u5+JyMpTYXjkNDeyAr+h46yxer8DGmTG/Te5nm+OyeqZSB2JoMnTxzNQcesmgk7rIC/UkIOYMjYWGUc/ZtEdcObGlluYPeY3JzOeH47E50T3TfbR4AbXcxzsNbQpPrxEeQEtLtcQYSVK7/Si93ot+0062mjtU8+QtJkuVwAZSFPsknsUDHwwB0/dGyjPNGSDxCQhG78GHvWOGaWZJJovRpEUz5ehJ5v78t69nUw10Xcb3MTGJZQVLBNfMv64YmYR3VHsXRCtR4LQEUvYyax3706U7Q7MX7pgpfQsKINrpVpJAZNn02b/ejPSmMCpHrm+ePmhsS0Om5kWC1rOB5BVFnD0Ocn7/22jbOAx9Tix6e4Jaw8zgTYG9TGkIRRjQGzmzzjES+8v2J6OHK+I4AI3QamnDm+0lvMIvwp+a9ifSR6Mr/35EU1uqHdZlPoOUkLV10EseWwL/b4PPQ88K7fM18ijk2atPNJ95nqsgHoXi05DGQBF1iz0tF1F4Dp9VYDbY/cGMJGJKu6+4UJ7CqssKXNmz1X1ks8VJAymM73D9kG/LybM8XXCjP6vK6Nkd9AsrukZk/o/ZzTFsN7bHgrM+INvgqsD/cSAx7Zq2LmFHA0P43OnaJqvoWZpkho1faOEQf6XUucMBhnbMppu
+    type: AgCJqmj46leRcOtPPq8j2jGreNiSnipk8ak8Fh6Evpq6o8/Q29yDSa/w3L5iZ0ilpL4xuZqIk4UJD1HZ1z9rDFzGTxP8wY9tlZJy0qdT9apOgnQVGw+J1xMc/AreXM7nNZ39Wvi3QvuRqNbA7oRA2a9fGbKBTalJyUkgP5LvOSlpd0t/p5hPWn4K+4PB9JoeonT/kvGF8Z1iyfN4f5Dsm+LR8BKBgGdiI2ztx/q3zdpSnEvg0an5enPjU0e+44S9FcS4zM/vx+W7nkB+KgM5vi+Dy82K34oRV8Ux0W7bsn5L1aH2KsDwUU6+x75oZ1NhAC2WWRB/wVadhSXLDmA0ZL10abJqVM8ixdYuOQqgJyZdJSOZs9NVlVbzWOB/Y5nJbdLyOofoxu0jLsMPmZcj1CDa/0TkIrgbDsEbtrEZLCyyoB1kfNn5pWjVkGdr80OQLLh6BEpd7lMpdyuRWMCeGnJA7N5wX6nXR7TbMNfBCLTa3PiaHom8MiNbbrBOXxtjvpt0tGbSNtcXVMdqiiR+AmJ5LAPOA/DvJNNAakkp/72mpDg48bS9+te13AY5e6zWSzwelwCGF6VgHWSJ59N3FWJWYyBI9v4w83OtL4phhMe9kebpIDt89yG0sm7cwiRjW7B5KnImVe51pBT3xzow50H1SsX7sEfxDCSJqAL888USQ2MvMNcvc3lGd9DS97EDN2y2Z1o=
+    url: AgBeMXNzB5eT5gZHbf2ZZWBeBSHqdm2mb3WezMAA/9qHE8epYYC9oC21gOjfq4AapWrbaBd0I+ScciEIvIZ6pr5Lwk4yVSpShSgYnCW+iS53EPp2YfcHoc5T4a3Si7sSvbpEbNTSY56Q4tL9vTyfKVUk3iVdQxiUgK3aKN1QZky8XS6/Z7yF03PuwymN40PkdmivSgn9Qy8VSOLhw7Uw3RGprcDyJ2IjUNbosyUxW8ifT1Tune4BUmKfyOrOBDEe4kAw8XWM5C/0E7z3qMVDOl7Uu2qR3NbcAwX3FF7UD4YWCD3g7j22F6WjJCtImRNHygkCHy2Xv15QlBptJtSNYwWkwSQS7BXPlikQOqtu9QQAo7BJ2RCy9bsEAciIBWYfqDa69dmL1hYCq/kBnutQleaLbZPVDXFRxZAdSOewGYq1Xd3hpN0GPbOsOmMTRQQmBQBLwuqA7kF6lbWLqyfKngQllKc7aUYRiCK1ce6HLqPLaH3hUoztPdKUQD2K1G1+2+RztxgF3vlUlo7twSqh5IbGnifZBDHEnnjC6iAz4Y61qdLCdBnR81JtfFGi8W/Ar/K/B9NnTdIPqTLUF056pLaPC17OmeiaQJ9o172nSU928wMXybvMj3hRvgagHtADFaPcG6u5lHggMY9d9x76UouWlhqMs/WczsKgadOWAL3P7DX48d1mX5Bx1jtKzu7WE97XrhsVqKBEl/GuyH01tSQwm+AzIvsmChrV46JZ
+    username: AgCzvfwyKtys4rAj1UVt0Hrgb3BAl9woA46eoAeo2EdtTnlPuvrVpenBQ+GkoLeGHN/sbuyK1GUKktRBjj9Y9OlziJBwT93EYryS0Ro3WiCbeal7oCXzyWDL2zEXpkrwmi9gBYZWw+yTTGtmHdtoRgnv/3QypmLRTJHtUnv+wwfzF2YR5LwOS5guGTPQBsVUBLC0roEI5PawIIPJlHQMWjijZbcekUjzVE3Kr85xPCyyZ3qEymvJH4jAzC22uDYU5riv8+g1UBABDKPRZFt5mMFM5NoJa2BsOqqp3I/URAOdLbfX7z50MktbJLITooEU7k8SbmDH3tewbsPCDzlmRePd945wKQPWUJaplqIwpszlB2+iVo3qPjb31/yMhrkZFmXXJIACYJij8kDrfESEbL/ObsynAMByN3UivCNnks03aouOhoCSn88Aiz4cvhm7w/U5ADdPMFQv01+HsPeKOy+nXMxii+phAmaLMpEb4E8k+it2aGg4SWRTCuefST5Sy9i94+UVKldUHbAus8pVaEHgKO6Tfx+psXe+Y2wQSk75HYU9LvBbNQzaeGIJ67RLU439LjB2WAyXglJEr8rH5DndZHpmG9fy0xh41uYBkXSgoVYkGcqi63LEHEhcw0BlkLvhvIwom96kKyT3VrAnSwgaryBUf5E7twJ3taBq6wU6lcSmTDCQMiX1wyTkWB7y5Prb6tmNSw==
--- a/argo1/values.yaml
+++ b/argo1/values.yaml
@ -2,7 +2,9 @@ bootstrap:
  source:
    repoURL: "https://git.strudelline.net/infra/argocd"
    targetRevision: "main"
-    path: argo1
+
+sealed-secrets:
+  enabled: true

 argo-cd:
  crds:
--- a/sealed-secrets/kustomization.yaml
+++ b/sealed-secrets/kustomization.yaml
@ -0,0 +1,5 @@
+kind: Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+
+resources:
+- "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.20.5/controller.yaml"