This commit is contained in:
James Andariese 2023-04-23 14:24:00 -05:00
parent a466ef1410
commit af2b996a46
11 changed files with 142 additions and 8 deletions

View File

@ -0,0 +1,60 @@
# `argo1`
### A different opinionated opinion on how to bootstrap your ArgoCD
This repo is a basic skeleton for managing your apps with ArgoCD.
It uses helm to bootstrap and maintain the ArgoCD installation. You may
then add additional applications in argo1/templates either as helm charts
or as directories which should live alongside `argo1`.
## Setup your own Argo1
1. Clone this repo as a template
2. If you will be using a private repo, configure a secret similar to secret.yaml
1. You might also wish to use sealed secrets (via kubeseal).
3. Install CRDs
*Preferred:*
```bash
bash ./install-crds.sh
```
This runs helm template but filters only the CRDs and installs them. This is
preferred to installing from tip of argocd since this helm template method
will ensure the correct versions of CRDs are installed.
*Alternative:*
A suggested command to install via kubectl from [the ArgoCD docs][argo-crds]:
```bash
kubectl apply -k https://github.com/argoproj/argo-cd/manifests/crds\?ref\=stable
```
3. update values.yaml
* At the very least, you will need to update the bootstrap.source.repoURL to
point to your clone -- this URL must match the prefix of the secret from
step 2.
* You may configure the argo-cd helm template via the argo-cd map in values.yaml.
A basic example is available in the default values.yaml file which suppresses
installing the CRDs (which are instead installed via install-crds.sh)
4. Install
```bash
helm install --dependency-update argo1 .
```
5. all done!
## App of Apps pattern
This is already an app of apps.
Add additional applications to `templates/`. These may reference Values or
they may be verbatim manifests (be careful of any `{{}}` in your manifests
though!)
Do not modify (or be careful with) `1-self.yaml` which is the application which
references this repo to enable self-management.
[argo-crds]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/

BIN
argo1/.values.yaml.swp Normal file

Binary file not shown.

View File

Binary file not shown.

View File

@ -2,15 +2,13 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: local-git-token name: argocd-git-repo-creds
namespace: argocd namespace: argocd
labels: labels:
argocd.argoproj.io/secret-type: repo-creds argocd.argoproj.io/secret-type: repo-creds
stringData: stringData:
type: git type: git
url: https://git.strudelline.net/ url: https://github.com/
project: default project: default
password: 96dee6522bd52b6ae29b64d250a7d0781ac8cc6a password: abcd1234xyzqrstffffffffffffff
username: james username: bobsmithtedothy
project: default

28
argo1/secrets-sealed.json Normal file
View File

@ -0,0 +1,28 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "local-git-token",
"namespace": "argocd",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "local-git-token",
"namespace": "argocd",
"creationTimestamp": null,
"labels": {
"argocd.argoproj.io/secret-type": "repo-creds"
}
}
},
"encryptedData": {
"password": "AgCrPpaueeC98AAO4vUUFacf3nxHvm6Cwb3BGNggNJPOPRAWfnBnQlgSNXjpxcb/ugVl/CUzyl7nE58hvL7kgE84OTUNlNV1QNPQht+7GNhbOAUpujnMEouoTdhAL20dJ87zAxI1bK36eyXw9z21q0EaclSivr9Xzy/XPeozEtZA0mE5Ie7imNzvicVegt+7F2VGWHA6ZbhrLzQ3PW+YJ0iqkyiGW2G0RTgzcMHcbrAIs/7yPakzDdMi30mP3Esnd2RyThJtTNv+4sqjbf1WJlz2kJ2jep+B+n7Q/wlJ/pzSOhYZE50NjCnxtUpXa0sDpPYgAu/i4ZDL3rjsD7YbI0HHa3eMc+RFvqWuN3LR2t0d83ETGPCYZmuRcV2rZ0VCL9FG3KmlaSCm/5Td8rU1bEuc+IPqFKgrrr4srhOzjC6yZtqdmqD/X+1uprXM1nLs0/xFELVI9BHZhsVq2BWm4v0469Ks+URVa3gYjl7w37PfEQR5MJyhbzxXdHisNyjHVWWWWWgSdgZPwT7Ga2tJ/05So/KPjrejmI9368Brj5Ijre2xVNSUTSvuEMmJ/4J50f9uQ2x/kYnPgi6W13kZ6Ij2mOmkGStFSNQ1cEYfvHbF/Ac3K+nkRG4q8VMOwWXjLArLdAkYRm6KrNom24HZKjACeM9cg8t7O3ka/rtEtVGNonV+dAO1vgPBQiRe426n3G96e45SyczeYOyiQXM+EK+056s1THno82S1GsOKd30zZTFwYc+rBL8s",
"project": "AgBgc4SimGITdak1irksspEwZQVOTfr2alI3vI6G7HKyGkZndKefQu2q8y11u5+JyMpTYXjkNDeyAr+h46yxer8DGmTG/Te5nm+OyeqZSB2JoMnTxzNQcesmgk7rIC/UkIOYMjYWGUc/ZtEdcObGlluYPeY3JzOeH47E50T3TfbR4AbXcxzsNbQpPrxEeQEtLtcQYSVK7/Si93ot+0062mjtU8+QtJkuVwAZSFPsknsUDHwwB0/dGyjPNGSDxCQhG78GHvWOGaWZJJovRpEUz5ehJ5v78t69nUw10Xcb3MTGJZQVLBNfMv64YmYR3VHsXRCtR4LQEUvYyax3706U7Q7MX7pgpfQsKINrpVpJAZNn02b/ejPSmMCpHrm+ePmhsS0Om5kWC1rOB5BVFnD0Ocn7/22jbOAx9Tix6e4Jaw8zgTYG9TGkIRRjQGzmzzjES+8v2J6OHK+I4AI3QamnDm+0lvMIvwp+a9ifSR6Mr/35EU1uqHdZlPoOUkLV10EseWwL/b4PPQ88K7fM18ijk2atPNJ95nqsgHoXi05DGQBF1iz0tF1F4Dp9VYDbY/cGMJGJKu6+4UJ7CqssKXNmz1X1ks8VJAymM73D9kG/LybM8XXCjP6vK6Nkd9AsrukZk/o/ZzTFsN7bHgrM+INvgqsD/cSAx7Zq2LmFHA0P43OnaJqvoWZpkho1faOEQf6XUucMBhnbMppu",
"type": "AgCJqmj46leRcOtPPq8j2jGreNiSnipk8ak8Fh6Evpq6o8/Q29yDSa/w3L5iZ0ilpL4xuZqIk4UJD1HZ1z9rDFzGTxP8wY9tlZJy0qdT9apOgnQVGw+J1xMc/AreXM7nNZ39Wvi3QvuRqNbA7oRA2a9fGbKBTalJyUkgP5LvOSlpd0t/p5hPWn4K+4PB9JoeonT/kvGF8Z1iyfN4f5Dsm+LR8BKBgGdiI2ztx/q3zdpSnEvg0an5enPjU0e+44S9FcS4zM/vx+W7nkB+KgM5vi+Dy82K34oRV8Ux0W7bsn5L1aH2KsDwUU6+x75oZ1NhAC2WWRB/wVadhSXLDmA0ZL10abJqVM8ixdYuOQqgJyZdJSOZs9NVlVbzWOB/Y5nJbdLyOofoxu0jLsMPmZcj1CDa/0TkIrgbDsEbtrEZLCyyoB1kfNn5pWjVkGdr80OQLLh6BEpd7lMpdyuRWMCeGnJA7N5wX6nXR7TbMNfBCLTa3PiaHom8MiNbbrBOXxtjvpt0tGbSNtcXVMdqiiR+AmJ5LAPOA/DvJNNAakkp/72mpDg48bS9+te13AY5e6zWSzwelwCGF6VgHWSJ59N3FWJWYyBI9v4w83OtL4phhMe9kebpIDt89yG0sm7cwiRjW7B5KnImVe51pBT3xzow50H1SsX7sEfxDCSJqAL888USQ2MvMNcvc3lGd9DS97EDN2y2Z1o=",
"url": "AgBeMXNzB5eT5gZHbf2ZZWBeBSHqdm2mb3WezMAA/9qHE8epYYC9oC21gOjfq4AapWrbaBd0I+ScciEIvIZ6pr5Lwk4yVSpShSgYnCW+iS53EPp2YfcHoc5T4a3Si7sSvbpEbNTSY56Q4tL9vTyfKVUk3iVdQxiUgK3aKN1QZky8XS6/Z7yF03PuwymN40PkdmivSgn9Qy8VSOLhw7Uw3RGprcDyJ2IjUNbosyUxW8ifT1Tune4BUmKfyOrOBDEe4kAw8XWM5C/0E7z3qMVDOl7Uu2qR3NbcAwX3FF7UD4YWCD3g7j22F6WjJCtImRNHygkCHy2Xv15QlBptJtSNYwWkwSQS7BXPlikQOqtu9QQAo7BJ2RCy9bsEAciIBWYfqDa69dmL1hYCq/kBnutQleaLbZPVDXFRxZAdSOewGYq1Xd3hpN0GPbOsOmMTRQQmBQBLwuqA7kF6lbWLqyfKngQllKc7aUYRiCK1ce6HLqPLaH3hUoztPdKUQD2K1G1+2+RztxgF3vlUlo7twSqh5IbGnifZBDHEnnjC6iAz4Y61qdLCdBnR81JtfFGi8W/Ar/K/B9NnTdIPqTLUF056pLaPC17OmeiaQJ9o172nSU928wMXybvMj3hRvgagHtADFaPcG6u5lHggMY9d9x76UouWlhqMs/WczsKgadOWAL3P7DX48d1mX5Bx1jtKzu7WE97XrhsVqKBEl/GuyH01tSQwm+AzIvsmChrV46JZ",
"username": "AgCzvfwyKtys4rAj1UVt0Hrgb3BAl9woA46eoAeo2EdtTnlPuvrVpenBQ+GkoLeGHN/sbuyK1GUKktRBjj9Y9OlziJBwT93EYryS0Ro3WiCbeal7oCXzyWDL2zEXpkrwmi9gBYZWw+yTTGtmHdtoRgnv/3QypmLRTJHtUnv+wwfzF2YR5LwOS5guGTPQBsVUBLC0roEI5PawIIPJlHQMWjijZbcekUjzVE3Kr85xPCyyZ3qEymvJH4jAzC22uDYU5riv8+g1UBABDKPRZFt5mMFM5NoJa2BsOqqp3I/URAOdLbfX7z50MktbJLITooEU7k8SbmDH3tewbsPCDzlmRePd945wKQPWUJaplqIwpszlB2+iVo3qPjb31/yMhrkZFmXXJIACYJij8kDrfESEbL/ObsynAMByN3UivCNnks03aouOhoCSn88Aiz4cvhm7w/U5ADdPMFQv01+HsPeKOy+nXMxii+phAmaLMpEb4E8k+it2aGg4SWRTCuefST5Sy9i94+UVKldUHbAus8pVaEHgKO6Tfx+psXe+Y2wQSk75HYU9LvBbNQzaeGIJ67RLU439LjB2WAyXglJEr8rH5DndZHpmG9fy0xh41uYBkXSgoVYkGcqi63LEHEhcw0BlkLvhvIwom96kKyT3VrAnSwgaryBUf5E7twJ3taBq6wU6lcSmTDCQMiX1wyTkWB7y5Prb6tmNSw=="
}
}
}

View File

@ -7,7 +7,9 @@ metadata:
spec: spec:
project: default project: default
source: source:
{{ .Values.bootstrap.source | toYaml | nindent 4 }} repoURL: "{{.Values.bootstrap.source.repoURL}}"
targetRevision: "{{.Values.bootstrap.source.targetRevision}}"
path: argo1
destination: destination:
namespace: "{{ .Release.Namespace }}" namespace: "{{ .Release.Namespace }}"
name: in-cluster name: in-cluster

View File

@ -0,0 +1,19 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ .Release.Name }}-sealed-secrets"
namespace: "{{ .Release.Namespace }}"
spec:
project: default
source:
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
path: sealed-secrets
destination:
namespace: kube-system
name: in-cluster
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true

View File

@ -0,0 +1,20 @@
kind: SealedSecret
apiVersion: bitnami.com/v1alpha1
metadata:
name: local-git-token
namespace: argocd
creationTimestamp: null
spec:
template:
metadata:
name: local-git-token
namespace: argocd
creationTimestamp: null
labels:
argocd.argoproj.io/secret-type: repo-creds
encryptedData:
password: AgCrPpaueeC98AAO4vUUFacf3nxHvm6Cwb3BGNggNJPOPRAWfnBnQlgSNXjpxcb/ugVl/CUzyl7nE58hvL7kgE84OTUNlNV1QNPQht+7GNhbOAUpujnMEouoTdhAL20dJ87zAxI1bK36eyXw9z21q0EaclSivr9Xzy/XPeozEtZA0mE5Ie7imNzvicVegt+7F2VGWHA6ZbhrLzQ3PW+YJ0iqkyiGW2G0RTgzcMHcbrAIs/7yPakzDdMi30mP3Esnd2RyThJtTNv+4sqjbf1WJlz2kJ2jep+B+n7Q/wlJ/pzSOhYZE50NjCnxtUpXa0sDpPYgAu/i4ZDL3rjsD7YbI0HHa3eMc+RFvqWuN3LR2t0d83ETGPCYZmuRcV2rZ0VCL9FG3KmlaSCm/5Td8rU1bEuc+IPqFKgrrr4srhOzjC6yZtqdmqD/X+1uprXM1nLs0/xFELVI9BHZhsVq2BWm4v0469Ks+URVa3gYjl7w37PfEQR5MJyhbzxXdHisNyjHVWWWWWgSdgZPwT7Ga2tJ/05So/KPjrejmI9368Brj5Ijre2xVNSUTSvuEMmJ/4J50f9uQ2x/kYnPgi6W13kZ6Ij2mOmkGStFSNQ1cEYfvHbF/Ac3K+nkRG4q8VMOwWXjLArLdAkYRm6KrNom24HZKjACeM9cg8t7O3ka/rtEtVGNonV+dAO1vgPBQiRe426n3G96e45SyczeYOyiQXM+EK+056s1THno82S1GsOKd30zZTFwYc+rBL8s
project: AgBgc4SimGITdak1irksspEwZQVOTfr2alI3vI6G7HKyGkZndKefQu2q8y11u5+JyMpTYXjkNDeyAr+h46yxer8DGmTG/Te5nm+OyeqZSB2JoMnTxzNQcesmgk7rIC/UkIOYMjYWGUc/ZtEdcObGlluYPeY3JzOeH47E50T3TfbR4AbXcxzsNbQpPrxEeQEtLtcQYSVK7/Si93ot+0062mjtU8+QtJkuVwAZSFPsknsUDHwwB0/dGyjPNGSDxCQhG78GHvWOGaWZJJovRpEUz5ehJ5v78t69nUw10Xcb3MTGJZQVLBNfMv64YmYR3VHsXRCtR4LQEUvYyax3706U7Q7MX7pgpfQsKINrpVpJAZNn02b/ejPSmMCpHrm+ePmhsS0Om5kWC1rOB5BVFnD0Ocn7/22jbOAx9Tix6e4Jaw8zgTYG9TGkIRRjQGzmzzjES+8v2J6OHK+I4AI3QamnDm+0lvMIvwp+a9ifSR6Mr/35EU1uqHdZlPoOUkLV10EseWwL/b4PPQ88K7fM18ijk2atPNJ95nqsgHoXi05DGQBF1iz0tF1F4Dp9VYDbY/cGMJGJKu6+4UJ7CqssKXNmz1X1ks8VJAymM73D9kG/LybM8XXCjP6vK6Nkd9AsrukZk/o/ZzTFsN7bHgrM+INvgqsD/cSAx7Zq2LmFHA0P43OnaJqvoWZpkho1faOEQf6XUucMBhnbMppu
type: AgCJqmj46leRcOtPPq8j2jGreNiSnipk8ak8Fh6Evpq6o8/Q29yDSa/w3L5iZ0ilpL4xuZqIk4UJD1HZ1z9rDFzGTxP8wY9tlZJy0qdT9apOgnQVGw+J1xMc/AreXM7nNZ39Wvi3QvuRqNbA7oRA2a9fGbKBTalJyUkgP5LvOSlpd0t/p5hPWn4K+4PB9JoeonT/kvGF8Z1iyfN4f5Dsm+LR8BKBgGdiI2ztx/q3zdpSnEvg0an5enPjU0e+44S9FcS4zM/vx+W7nkB+KgM5vi+Dy82K34oRV8Ux0W7bsn5L1aH2KsDwUU6+x75oZ1NhAC2WWRB/wVadhSXLDmA0ZL10abJqVM8ixdYuOQqgJyZdJSOZs9NVlVbzWOB/Y5nJbdLyOofoxu0jLsMPmZcj1CDa/0TkIrgbDsEbtrEZLCyyoB1kfNn5pWjVkGdr80OQLLh6BEpd7lMpdyuRWMCeGnJA7N5wX6nXR7TbMNfBCLTa3PiaHom8MiNbbrBOXxtjvpt0tGbSNtcXVMdqiiR+AmJ5LAPOA/DvJNNAakkp/72mpDg48bS9+te13AY5e6zWSzwelwCGF6VgHWSJ59N3FWJWYyBI9v4w83OtL4phhMe9kebpIDt89yG0sm7cwiRjW7B5KnImVe51pBT3xzow50H1SsX7sEfxDCSJqAL888USQ2MvMNcvc3lGd9DS97EDN2y2Z1o=
url: AgBeMXNzB5eT5gZHbf2ZZWBeBSHqdm2mb3WezMAA/9qHE8epYYC9oC21gOjfq4AapWrbaBd0I+ScciEIvIZ6pr5Lwk4yVSpShSgYnCW+iS53EPp2YfcHoc5T4a3Si7sSvbpEbNTSY56Q4tL9vTyfKVUk3iVdQxiUgK3aKN1QZky8XS6/Z7yF03PuwymN40PkdmivSgn9Qy8VSOLhw7Uw3RGprcDyJ2IjUNbosyUxW8ifT1Tune4BUmKfyOrOBDEe4kAw8XWM5C/0E7z3qMVDOl7Uu2qR3NbcAwX3FF7UD4YWCD3g7j22F6WjJCtImRNHygkCHy2Xv15QlBptJtSNYwWkwSQS7BXPlikQOqtu9QQAo7BJ2RCy9bsEAciIBWYfqDa69dmL1hYCq/kBnutQleaLbZPVDXFRxZAdSOewGYq1Xd3hpN0GPbOsOmMTRQQmBQBLwuqA7kF6lbWLqyfKngQllKc7aUYRiCK1ce6HLqPLaH3hUoztPdKUQD2K1G1+2+RztxgF3vlUlo7twSqh5IbGnifZBDHEnnjC6iAz4Y61qdLCdBnR81JtfFGi8W/Ar/K/B9NnTdIPqTLUF056pLaPC17OmeiaQJ9o172nSU928wMXybvMj3hRvgagHtADFaPcG6u5lHggMY9d9x76UouWlhqMs/WczsKgadOWAL3P7DX48d1mX5Bx1jtKzu7WE97XrhsVqKBEl/GuyH01tSQwm+AzIvsmChrV46JZ
username: AgCzvfwyKtys4rAj1UVt0Hrgb3BAl9woA46eoAeo2EdtTnlPuvrVpenBQ+GkoLeGHN/sbuyK1GUKktRBjj9Y9OlziJBwT93EYryS0Ro3WiCbeal7oCXzyWDL2zEXpkrwmi9gBYZWw+yTTGtmHdtoRgnv/3QypmLRTJHtUnv+wwfzF2YR5LwOS5guGTPQBsVUBLC0roEI5PawIIPJlHQMWjijZbcekUjzVE3Kr85xPCyyZ3qEymvJH4jAzC22uDYU5riv8+g1UBABDKPRZFt5mMFM5NoJa2BsOqqp3I/URAOdLbfX7z50MktbJLITooEU7k8SbmDH3tewbsPCDzlmRePd945wKQPWUJaplqIwpszlB2+iVo3qPjb31/yMhrkZFmXXJIACYJij8kDrfESEbL/ObsynAMByN3UivCNnks03aouOhoCSn88Aiz4cvhm7w/U5ADdPMFQv01+HsPeKOy+nXMxii+phAmaLMpEb4E8k+it2aGg4SWRTCuefST5Sy9i94+UVKldUHbAus8pVaEHgKO6Tfx+psXe+Y2wQSk75HYU9LvBbNQzaeGIJ67RLU439LjB2WAyXglJEr8rH5DndZHpmG9fy0xh41uYBkXSgoVYkGcqi63LEHEhcw0BlkLvhvIwom96kKyT3VrAnSwgaryBUf5E7twJ3taBq6wU6lcSmTDCQMiX1wyTkWB7y5Prb6tmNSw==

View File

@ -2,7 +2,9 @@ bootstrap:
source: source:
repoURL: "https://git.strudelline.net/infra/argocd" repoURL: "https://git.strudelline.net/infra/argocd"
targetRevision: "main" targetRevision: "main"
path: argo1
sealed-secrets:
enabled: true
argo-cd: argo-cd:
crds: crds:

View File

@ -0,0 +1,5 @@
kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
resources:
- "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.20.5/controller.yaml"