diff --git a/README.md b/README.md index e69de29..0784810 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,60 @@ +# `argo1` + +### A different opinionated opinion on how to bootstrap your ArgoCD + +This repo is a basic skeleton for managing your apps with ArgoCD. + +It uses helm to bootstrap and maintain the ArgoCD installation. You may +then add additional applications in argo1/templates either as helm charts +or as directories which should live alongside `argo1`. + +## Setup your own Argo1 + +1. Clone this repo as a template +2. If you will be using a private repo, configure a secret similar to secret.yaml + 1. You might also wish to use sealed secrets (via kubeseal). +3. Install CRDs + + *Preferred:* + ```bash + bash ./install-crds.sh + ``` + + This runs helm template but filters only the CRDs and installs them. This is + preferred to installing from tip of argocd since this helm template method + will ensure the correct versions of CRDs are installed. + + *Alternative:* + A suggested command to install via kubectl from [the ArgoCD docs][argo-crds]: + + ```bash + kubectl apply -k https://github.com/argoproj/argo-cd/manifests/crds\?ref\=stable + ``` + +3. update values.yaml + * At the very least, you will need to update the bootstrap.source.repoURL to + point to your clone -- this URL must match the prefix of the secret from + step 2. + * You may configure the argo-cd helm template via the argo-cd map in values.yaml. + A basic example is available in the default values.yaml file which suppresses + installing the CRDs (which are instead installed via install-crds.sh) + +4. Install + ```bash + helm install --dependency-update argo1 . + ``` +5. all done! + +## App of Apps pattern + +This is already an app of apps. + +Add additional applications to `templates/`. These may reference Values or +they may be verbatim manifests (be careful of any `{{}}` in your manifests +though!) + +Do not modify (or be careful with) `1-self.yaml` which is the application which +references this repo to enable self-management. + + +[argo-crds]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/ diff --git a/argo1/.values.yaml.swp b/argo1/.values.yaml.swp new file mode 100644 index 0000000..d11226f Binary files /dev/null and b/argo1/.values.yaml.swp differ diff --git a/argo1/README.md b/argo1/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/argo1/charts/argo-cd-5.29.1.tgz b/argo1/charts/argo-cd-5.29.1.tgz new file mode 100644 index 0000000..ce12a8a Binary files /dev/null and b/argo1/charts/argo-cd-5.29.1.tgz differ diff --git a/argo1/secrets-local.yaml b/argo1/secret.yaml similarity index 51% rename from argo1/secrets-local.yaml rename to argo1/secret.yaml index d697b44..5c6703f 100644 --- a/argo1/secrets-local.yaml +++ b/argo1/secret.yaml @@ -2,15 +2,13 @@ apiVersion: v1 kind: Secret metadata: - name: local-git-token + name: argocd-git-repo-creds namespace: argocd labels: argocd.argoproj.io/secret-type: repo-creds stringData: type: git - url: https://git.strudelline.net/ + url: https://github.com/ project: default - password: 96dee6522bd52b6ae29b64d250a7d0781ac8cc6a - username: james - project: default - + password: abcd1234xyzqrstffffffffffffff + username: bobsmithtedothy diff --git a/argo1/secrets-sealed.json b/argo1/secrets-sealed.json new file mode 100644 index 0000000..e8d8858 --- /dev/null +++ b/argo1/secrets-sealed.json @@ -0,0 +1,28 @@ +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": "local-git-token", + "namespace": "argocd", + "creationTimestamp": null + }, + "spec": { + "template": { + "metadata": { + "name": "local-git-token", + "namespace": "argocd", + "creationTimestamp": null, + "labels": { + "argocd.argoproj.io/secret-type": "repo-creds" + } + } + }, + "encryptedData": { + "password": "AgCrPpaueeC98AAO4vUUFacf3nxHvm6Cwb3BGNggNJPOPRAWfnBnQlgSNXjpxcb/ugVl/CUzyl7nE58hvL7kgE84OTUNlNV1QNPQht+7GNhbOAUpujnMEouoTdhAL20dJ87zAxI1bK36eyXw9z21q0EaclSivr9Xzy/XPeozEtZA0mE5Ie7imNzvicVegt+7F2VGWHA6ZbhrLzQ3PW+YJ0iqkyiGW2G0RTgzcMHcbrAIs/7yPakzDdMi30mP3Esnd2RyThJtTNv+4sqjbf1WJlz2kJ2jep+B+n7Q/wlJ/pzSOhYZE50NjCnxtUpXa0sDpPYgAu/i4ZDL3rjsD7YbI0HHa3eMc+RFvqWuN3LR2t0d83ETGPCYZmuRcV2rZ0VCL9FG3KmlaSCm/5Td8rU1bEuc+IPqFKgrrr4srhOzjC6yZtqdmqD/X+1uprXM1nLs0/xFELVI9BHZhsVq2BWm4v0469Ks+URVa3gYjl7w37PfEQR5MJyhbzxXdHisNyjHVWWWWWgSdgZPwT7Ga2tJ/05So/KPjrejmI9368Brj5Ijre2xVNSUTSvuEMmJ/4J50f9uQ2x/kYnPgi6W13kZ6Ij2mOmkGStFSNQ1cEYfvHbF/Ac3K+nkRG4q8VMOwWXjLArLdAkYRm6KrNom24HZKjACeM9cg8t7O3ka/rtEtVGNonV+dAO1vgPBQiRe426n3G96e45SyczeYOyiQXM+EK+056s1THno82S1GsOKd30zZTFwYc+rBL8s", + "project": "AgBgc4SimGITdak1irksspEwZQVOTfr2alI3vI6G7HKyGkZndKefQu2q8y11u5+JyMpTYXjkNDeyAr+h46yxer8DGmTG/Te5nm+OyeqZSB2JoMnTxzNQcesmgk7rIC/UkIOYMjYWGUc/ZtEdcObGlluYPeY3JzOeH47E50T3TfbR4AbXcxzsNbQpPrxEeQEtLtcQYSVK7/Si93ot+0062mjtU8+QtJkuVwAZSFPsknsUDHwwB0/dGyjPNGSDxCQhG78GHvWOGaWZJJovRpEUz5ehJ5v78t69nUw10Xcb3MTGJZQVLBNfMv64YmYR3VHsXRCtR4LQEUvYyax3706U7Q7MX7pgpfQsKINrpVpJAZNn02b/ejPSmMCpHrm+ePmhsS0Om5kWC1rOB5BVFnD0Ocn7/22jbOAx9Tix6e4Jaw8zgTYG9TGkIRRjQGzmzzjES+8v2J6OHK+I4AI3QamnDm+0lvMIvwp+a9ifSR6Mr/35EU1uqHdZlPoOUkLV10EseWwL/b4PPQ88K7fM18ijk2atPNJ95nqsgHoXi05DGQBF1iz0tF1F4Dp9VYDbY/cGMJGJKu6+4UJ7CqssKXNmz1X1ks8VJAymM73D9kG/LybM8XXCjP6vK6Nkd9AsrukZk/o/ZzTFsN7bHgrM+INvgqsD/cSAx7Zq2LmFHA0P43OnaJqvoWZpkho1faOEQf6XUucMBhnbMppu", + "type": "AgCJqmj46leRcOtPPq8j2jGreNiSnipk8ak8Fh6Evpq6o8/Q29yDSa/w3L5iZ0ilpL4xuZqIk4UJD1HZ1z9rDFzGTxP8wY9tlZJy0qdT9apOgnQVGw+J1xMc/AreXM7nNZ39Wvi3QvuRqNbA7oRA2a9fGbKBTalJyUkgP5LvOSlpd0t/p5hPWn4K+4PB9JoeonT/kvGF8Z1iyfN4f5Dsm+LR8BKBgGdiI2ztx/q3zdpSnEvg0an5enPjU0e+44S9FcS4zM/vx+W7nkB+KgM5vi+Dy82K34oRV8Ux0W7bsn5L1aH2KsDwUU6+x75oZ1NhAC2WWRB/wVadhSXLDmA0ZL10abJqVM8ixdYuOQqgJyZdJSOZs9NVlVbzWOB/Y5nJbdLyOofoxu0jLsMPmZcj1CDa/0TkIrgbDsEbtrEZLCyyoB1kfNn5pWjVkGdr80OQLLh6BEpd7lMpdyuRWMCeGnJA7N5wX6nXR7TbMNfBCLTa3PiaHom8MiNbbrBOXxtjvpt0tGbSNtcXVMdqiiR+AmJ5LAPOA/DvJNNAakkp/72mpDg48bS9+te13AY5e6zWSzwelwCGF6VgHWSJ59N3FWJWYyBI9v4w83OtL4phhMe9kebpIDt89yG0sm7cwiRjW7B5KnImVe51pBT3xzow50H1SsX7sEfxDCSJqAL888USQ2MvMNcvc3lGd9DS97EDN2y2Z1o=", + "url": "AgBeMXNzB5eT5gZHbf2ZZWBeBSHqdm2mb3WezMAA/9qHE8epYYC9oC21gOjfq4AapWrbaBd0I+ScciEIvIZ6pr5Lwk4yVSpShSgYnCW+iS53EPp2YfcHoc5T4a3Si7sSvbpEbNTSY56Q4tL9vTyfKVUk3iVdQxiUgK3aKN1QZky8XS6/Z7yF03PuwymN40PkdmivSgn9Qy8VSOLhw7Uw3RGprcDyJ2IjUNbosyUxW8ifT1Tune4BUmKfyOrOBDEe4kAw8XWM5C/0E7z3qMVDOl7Uu2qR3NbcAwX3FF7UD4YWCD3g7j22F6WjJCtImRNHygkCHy2Xv15QlBptJtSNYwWkwSQS7BXPlikQOqtu9QQAo7BJ2RCy9bsEAciIBWYfqDa69dmL1hYCq/kBnutQleaLbZPVDXFRxZAdSOewGYq1Xd3hpN0GPbOsOmMTRQQmBQBLwuqA7kF6lbWLqyfKngQllKc7aUYRiCK1ce6HLqPLaH3hUoztPdKUQD2K1G1+2+RztxgF3vlUlo7twSqh5IbGnifZBDHEnnjC6iAz4Y61qdLCdBnR81JtfFGi8W/Ar/K/B9NnTdIPqTLUF056pLaPC17OmeiaQJ9o172nSU928wMXybvMj3hRvgagHtADFaPcG6u5lHggMY9d9x76UouWlhqMs/WczsKgadOWAL3P7DX48d1mX5Bx1jtKzu7WE97XrhsVqKBEl/GuyH01tSQwm+AzIvsmChrV46JZ", + "username": "AgCzvfwyKtys4rAj1UVt0Hrgb3BAl9woA46eoAeo2EdtTnlPuvrVpenBQ+GkoLeGHN/sbuyK1GUKktRBjj9Y9OlziJBwT93EYryS0Ro3WiCbeal7oCXzyWDL2zEXpkrwmi9gBYZWw+yTTGtmHdtoRgnv/3QypmLRTJHtUnv+wwfzF2YR5LwOS5guGTPQBsVUBLC0roEI5PawIIPJlHQMWjijZbcekUjzVE3Kr85xPCyyZ3qEymvJH4jAzC22uDYU5riv8+g1UBABDKPRZFt5mMFM5NoJa2BsOqqp3I/URAOdLbfX7z50MktbJLITooEU7k8SbmDH3tewbsPCDzlmRePd945wKQPWUJaplqIwpszlB2+iVo3qPjb31/yMhrkZFmXXJIACYJij8kDrfESEbL/ObsynAMByN3UivCNnks03aouOhoCSn88Aiz4cvhm7w/U5ADdPMFQv01+HsPeKOy+nXMxii+phAmaLMpEb4E8k+it2aGg4SWRTCuefST5Sy9i94+UVKldUHbAus8pVaEHgKO6Tfx+psXe+Y2wQSk75HYU9LvBbNQzaeGIJ67RLU439LjB2WAyXglJEr8rH5DndZHpmG9fy0xh41uYBkXSgoVYkGcqi63LEHEhcw0BlkLvhvIwom96kKyT3VrAnSwgaryBUf5E7twJ3taBq6wU6lcSmTDCQMiX1wyTkWB7y5Prb6tmNSw==" + } + } +} diff --git a/argo1/templates/_self.yaml b/argo1/templates/1-self.yaml similarity index 76% rename from argo1/templates/_self.yaml rename to argo1/templates/1-self.yaml index 6ca3c42..2f7d449 100644 --- a/argo1/templates/_self.yaml +++ b/argo1/templates/1-self.yaml @@ -7,7 +7,9 @@ metadata: spec: project: default source: -{{ .Values.bootstrap.source | toYaml | nindent 4 }} + repoURL: "{{.Values.bootstrap.source.repoURL}}" + targetRevision: "{{.Values.bootstrap.source.targetRevision}}" + path: argo1 destination: namespace: "{{ .Release.Namespace }}" name: in-cluster diff --git a/argo1/templates/sealed-secrets.yaml b/argo1/templates/sealed-secrets.yaml new file mode 100644 index 0000000..a3dc6c2 --- /dev/null +++ b/argo1/templates/sealed-secrets.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: "{{ .Release.Name }}-sealed-secrets" + namespace: "{{ .Release.Namespace }}" +spec: + project: default + source: + repoURL: "{{ .Values.bootstrap.source.repoURL }}" + targetRevision: "{{ .Values.bootstrap.source.targetRevision }}" + path: sealed-secrets + destination: + namespace: kube-system + name: in-cluster + syncPolicy: + automated: {} + syncOptions: + - CreateNamespace=true diff --git a/argo1/templates/secrets-sealed.yaml b/argo1/templates/secrets-sealed.yaml new file mode 100644 index 0000000..65b89bb --- /dev/null +++ b/argo1/templates/secrets-sealed.yaml @@ -0,0 +1,20 @@ +kind: SealedSecret +apiVersion: bitnami.com/v1alpha1 +metadata: + name: local-git-token + namespace: argocd + creationTimestamp: null +spec: + template: + metadata: + name: local-git-token + namespace: argocd + creationTimestamp: null + labels: + argocd.argoproj.io/secret-type: repo-creds + encryptedData: + password: AgCrPpaueeC98AAO4vUUFacf3nxHvm6Cwb3BGNggNJPOPRAWfnBnQlgSNXjpxcb/ugVl/CUzyl7nE58hvL7kgE84OTUNlNV1QNPQht+7GNhbOAUpujnMEouoTdhAL20dJ87zAxI1bK36eyXw9z21q0EaclSivr9Xzy/XPeozEtZA0mE5Ie7imNzvicVegt+7F2VGWHA6ZbhrLzQ3PW+YJ0iqkyiGW2G0RTgzcMHcbrAIs/7yPakzDdMi30mP3Esnd2RyThJtTNv+4sqjbf1WJlz2kJ2jep+B+n7Q/wlJ/pzSOhYZE50NjCnxtUpXa0sDpPYgAu/i4ZDL3rjsD7YbI0HHa3eMc+RFvqWuN3LR2t0d83ETGPCYZmuRcV2rZ0VCL9FG3KmlaSCm/5Td8rU1bEuc+IPqFKgrrr4srhOzjC6yZtqdmqD/X+1uprXM1nLs0/xFELVI9BHZhsVq2BWm4v0469Ks+URVa3gYjl7w37PfEQR5MJyhbzxXdHisNyjHVWWWWWgSdgZPwT7Ga2tJ/05So/KPjrejmI9368Brj5Ijre2xVNSUTSvuEMmJ/4J50f9uQ2x/kYnPgi6W13kZ6Ij2mOmkGStFSNQ1cEYfvHbF/Ac3K+nkRG4q8VMOwWXjLArLdAkYRm6KrNom24HZKjACeM9cg8t7O3ka/rtEtVGNonV+dAO1vgPBQiRe426n3G96e45SyczeYOyiQXM+EK+056s1THno82S1GsOKd30zZTFwYc+rBL8s + project: AgBgc4SimGITdak1irksspEwZQVOTfr2alI3vI6G7HKyGkZndKefQu2q8y11u5+JyMpTYXjkNDeyAr+h46yxer8DGmTG/Te5nm+OyeqZSB2JoMnTxzNQcesmgk7rIC/UkIOYMjYWGUc/ZtEdcObGlluYPeY3JzOeH47E50T3TfbR4AbXcxzsNbQpPrxEeQEtLtcQYSVK7/Si93ot+0062mjtU8+QtJkuVwAZSFPsknsUDHwwB0/dGyjPNGSDxCQhG78GHvWOGaWZJJovRpEUz5ehJ5v78t69nUw10Xcb3MTGJZQVLBNfMv64YmYR3VHsXRCtR4LQEUvYyax3706U7Q7MX7pgpfQsKINrpVpJAZNn02b/ejPSmMCpHrm+ePmhsS0Om5kWC1rOB5BVFnD0Ocn7/22jbOAx9Tix6e4Jaw8zgTYG9TGkIRRjQGzmzzjES+8v2J6OHK+I4AI3QamnDm+0lvMIvwp+a9ifSR6Mr/35EU1uqHdZlPoOUkLV10EseWwL/b4PPQ88K7fM18ijk2atPNJ95nqsgHoXi05DGQBF1iz0tF1F4Dp9VYDbY/cGMJGJKu6+4UJ7CqssKXNmz1X1ks8VJAymM73D9kG/LybM8XXCjP6vK6Nkd9AsrukZk/o/ZzTFsN7bHgrM+INvgqsD/cSAx7Zq2LmFHA0P43OnaJqvoWZpkho1faOEQf6XUucMBhnbMppu + type: AgCJqmj46leRcOtPPq8j2jGreNiSnipk8ak8Fh6Evpq6o8/Q29yDSa/w3L5iZ0ilpL4xuZqIk4UJD1HZ1z9rDFzGTxP8wY9tlZJy0qdT9apOgnQVGw+J1xMc/AreXM7nNZ39Wvi3QvuRqNbA7oRA2a9fGbKBTalJyUkgP5LvOSlpd0t/p5hPWn4K+4PB9JoeonT/kvGF8Z1iyfN4f5Dsm+LR8BKBgGdiI2ztx/q3zdpSnEvg0an5enPjU0e+44S9FcS4zM/vx+W7nkB+KgM5vi+Dy82K34oRV8Ux0W7bsn5L1aH2KsDwUU6+x75oZ1NhAC2WWRB/wVadhSXLDmA0ZL10abJqVM8ixdYuOQqgJyZdJSOZs9NVlVbzWOB/Y5nJbdLyOofoxu0jLsMPmZcj1CDa/0TkIrgbDsEbtrEZLCyyoB1kfNn5pWjVkGdr80OQLLh6BEpd7lMpdyuRWMCeGnJA7N5wX6nXR7TbMNfBCLTa3PiaHom8MiNbbrBOXxtjvpt0tGbSNtcXVMdqiiR+AmJ5LAPOA/DvJNNAakkp/72mpDg48bS9+te13AY5e6zWSzwelwCGF6VgHWSJ59N3FWJWYyBI9v4w83OtL4phhMe9kebpIDt89yG0sm7cwiRjW7B5KnImVe51pBT3xzow50H1SsX7sEfxDCSJqAL888USQ2MvMNcvc3lGd9DS97EDN2y2Z1o= + url: AgBeMXNzB5eT5gZHbf2ZZWBeBSHqdm2mb3WezMAA/9qHE8epYYC9oC21gOjfq4AapWrbaBd0I+ScciEIvIZ6pr5Lwk4yVSpShSgYnCW+iS53EPp2YfcHoc5T4a3Si7sSvbpEbNTSY56Q4tL9vTyfKVUk3iVdQxiUgK3aKN1QZky8XS6/Z7yF03PuwymN40PkdmivSgn9Qy8VSOLhw7Uw3RGprcDyJ2IjUNbosyUxW8ifT1Tune4BUmKfyOrOBDEe4kAw8XWM5C/0E7z3qMVDOl7Uu2qR3NbcAwX3FF7UD4YWCD3g7j22F6WjJCtImRNHygkCHy2Xv15QlBptJtSNYwWkwSQS7BXPlikQOqtu9QQAo7BJ2RCy9bsEAciIBWYfqDa69dmL1hYCq/kBnutQleaLbZPVDXFRxZAdSOewGYq1Xd3hpN0GPbOsOmMTRQQmBQBLwuqA7kF6lbWLqyfKngQllKc7aUYRiCK1ce6HLqPLaH3hUoztPdKUQD2K1G1+2+RztxgF3vlUlo7twSqh5IbGnifZBDHEnnjC6iAz4Y61qdLCdBnR81JtfFGi8W/Ar/K/B9NnTdIPqTLUF056pLaPC17OmeiaQJ9o172nSU928wMXybvMj3hRvgagHtADFaPcG6u5lHggMY9d9x76UouWlhqMs/WczsKgadOWAL3P7DX48d1mX5Bx1jtKzu7WE97XrhsVqKBEl/GuyH01tSQwm+AzIvsmChrV46JZ + username: AgCzvfwyKtys4rAj1UVt0Hrgb3BAl9woA46eoAeo2EdtTnlPuvrVpenBQ+GkoLeGHN/sbuyK1GUKktRBjj9Y9OlziJBwT93EYryS0Ro3WiCbeal7oCXzyWDL2zEXpkrwmi9gBYZWw+yTTGtmHdtoRgnv/3QypmLRTJHtUnv+wwfzF2YR5LwOS5guGTPQBsVUBLC0roEI5PawIIPJlHQMWjijZbcekUjzVE3Kr85xPCyyZ3qEymvJH4jAzC22uDYU5riv8+g1UBABDKPRZFt5mMFM5NoJa2BsOqqp3I/URAOdLbfX7z50MktbJLITooEU7k8SbmDH3tewbsPCDzlmRePd945wKQPWUJaplqIwpszlB2+iVo3qPjb31/yMhrkZFmXXJIACYJij8kDrfESEbL/ObsynAMByN3UivCNnks03aouOhoCSn88Aiz4cvhm7w/U5ADdPMFQv01+HsPeKOy+nXMxii+phAmaLMpEb4E8k+it2aGg4SWRTCuefST5Sy9i94+UVKldUHbAus8pVaEHgKO6Tfx+psXe+Y2wQSk75HYU9LvBbNQzaeGIJ67RLU439LjB2WAyXglJEr8rH5DndZHpmG9fy0xh41uYBkXSgoVYkGcqi63LEHEhcw0BlkLvhvIwom96kKyT3VrAnSwgaryBUf5E7twJ3taBq6wU6lcSmTDCQMiX1wyTkWB7y5Prb6tmNSw== diff --git a/argo1/values.yaml b/argo1/values.yaml index 2e85cef..d5338c5 100644 --- a/argo1/values.yaml +++ b/argo1/values.yaml @@ -2,7 +2,9 @@ bootstrap: source: repoURL: "https://git.strudelline.net/infra/argocd" targetRevision: "main" - path: argo1 + +sealed-secrets: + enabled: true argo-cd: crds: diff --git a/sealed-secrets/kustomization.yaml b/sealed-secrets/kustomization.yaml new file mode 100644 index 0000000..9744286 --- /dev/null +++ b/sealed-secrets/kustomization.yaml @@ -0,0 +1,5 @@ +kind: Kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 + +resources: +- "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.20.5/controller.yaml"