Add ArgoCD (#17)

Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/17
This commit is contained in:
Nikolai Rodionov 2023-02-22 12:52:46 +00:00
parent f13a69426c
commit ef85b41b27
6 changed files with 196 additions and 2 deletions

View File

@ -11,11 +11,17 @@ releases:
installed: true installed: true
namespace: drone-service namespace: drone-service
createNamespace: false createNamespace: false
- <<: *longhorn - <<: *longhorn
installed: true installed: true
namespace: longhorn-system namespace: longhorn-system
createNamespace: false createNamespace: false
- <<: *argocd
installed: true
namespace: argo-system
createNamespace: false
- <<: *nrodionov - <<: *nrodionov
installed: true installed: true
namespace: nrodionov-application namespace: nrodionov-application

View File

@ -0,0 +1,27 @@
server:
config:
dex.config: ENC[AES256_GCM,data:w42nfkrcJlqjDduXn+lR0KHFWoL2lY+fwCnSpGZ46uaQFa+iP6Lr5yCdWfCBUrz+/9OKqqnt5GDD7gV2UH9m4eiJZ2fS0SLKsxgxyD+bPMr/F77+mqh+g7fWpo0GRnUt5kygRWwVzBPBJnp32zOX8TSiOD0Pt6HDcBPngkOWn4JlNQqC0e+NzW91BsLt5qmmF1lOyDKIKuTNOSb2tl1GM+nBad1G0CKXGlKmzT5a6j4p8DzZW6WmFA3824lH1ahwb5sb+ttPWx9C0OE0DOIyGPPNW/rDpwO5fU5+eTX+IwEWJK7/ZDt10X4gO/z4voI=,iv:TzXfBuc3N8iQibibwMblAmlLIsRBPAgm/OOs3zCdwiY=,tag:12ZOQBweFbT4gCcnfNo9nw==,type:str]
configs:
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:qQZuWVqu3G59OLMTtYW3BDfoo/3+SvLgQYzv0Aa2NQGb/5wVFejPiJR0BAMYZjkDSVgUZl/oVCT55I41QeKcNYfHtGcrWIFvizg5jW+K0U3ZvgtnY56J1GsrKWQIC29U5EHz/7xXTnSJkkiiVEBGOjwQHpfCgsqR5/qhwnFx+idLsdJGasMYjIJZttTtLpPsY1tgUwTzqJGQptJHqG+/EDcmI9ms6383ltgc6xsmezJDyoG3A2cMNp22qctIuqTIM6ltL9iosBmMsPM1MaiZyJ7rG5zNPymTCFDQUXwlUwFoDKJnN3GkY4ApzRv43iAw2aIX8ykifZVGZOuvV/ifzUuDoemsGjD7X3GN+ngVNwdLm1qSkcnb21Q22kVmBxotIQaF9eN/LqDk2ULEMX3Yvml886yo4AnxlIA8zW8XzFfEILrEswv555P5p3Mswl0+KAIDo7cYav495U9cYrttHbU5wvr9br5JekNKVSgTigwFraq2ZUE8Za3Ru7VOuljywRwe0VEvhFv8SJoH9NZJyl8ME0+uH1R6YtIodkHpB6b6wtyCwtPXjkUkR8nzi4VU0L3zq90e/DvmX/a/q4uEHtLPiIEMFbKtUQ8v8mmscYEEvYIsIBO0VcY2CUFbEs7r56uFOiysqB4d4ySGFjdQceRTLhG7/kUjjYtGEByVcFXllhAV+1C0vXHgOXc4G+EowObbcyj+sA4hxFVL8/f0s7znVCQbZhztQsxfFr5+76X+nzkXkkhauUsMChybmVmGTU+hYnZ8XuOK6X+tRixoVNlcitFD+NxTksvDeJDIShaQvH2cjLLbkze9GmUVr3EvifQhXdw29rpgySVE0Tjn+YL23Ft8dToqR6QwTASLi/vcvbjpx5NtchuR5QFxwZYY8ROTljSQS61AMdszr5cR0BwtFY8j59Aj25sEJeasi44xzUlBxAGazHjzBDxDU7XIpGV/IkiMtaEuEXKGRpVqhQrszvuXOf9K4TwxuVvhlrSVvU7M/lQzJUzkSFOSvO9nzfnkVLwqTdTX56ODFs10vRowClKetC6PpuAclw85WlC1OTkkAL8RUCWyoPQUU+EYolUCW5nMp4P8X1XK3qvRpBU6BdjnnuLQAi1bYu8t0f4vTYoLvYTwlMGXizMHEks6me5pPD7mq5HvpR2e7i1ZzJ3oQaKPB9n8AsugFeRStAal7HHrfEA6NVXLlBYdiq9oRgwllZwi5dsw4m6ABhh+angCWkIsjB9+n9NKOdJowvyDDx1JE/Ai4wb+8hbTLtAold6YJgNA5aT7LeSVaxWVB+V8w1ghn3UJzI6SGdayJqUH+VAUDvBg4LeqGH2vrod57SF4FMmqGTQwN7cYxW0fDT9V8xnb2nQu7WaE04Miw5hlsB4uTRUfeMrXXvt3R2N8azqQDF9Himtl48U3by9vv8FPsNhq3XvAPY5/TCzHz93bnWWmdtyZlHTFz2wRAwaTwOfFpN7oMW6YyVo6UUpw10zap0Jfboq8szF////nwEHf8qGw3dxT85WwBR9KBPwFuHZQsoUOuy00PuAB5fVvXXWBiCnzYwWgY3NqTBkLYbV8D/6UnLlfAHhnEok7QXf7P4xqbB/6EmqCmGBw5ZgPqg0bY6mOTnMrfqiKV9+Q0Mhe8eFPNOr2zoR+VYRDnWX+rJu1+OAK8QegH1Jn3RlOg3lXoFDFLelq6GEq1Kdbr83goL59/uRu4VNvAArUJ9tk4Vn2vWEtnbpjRcyjwAHIc1YXphY53cPFdSjYCeoNv5MDEt3oJAKWhSX7Ql6ledftGWB4fhns0OK4+zLN6osqrPNtLyS7iqXhcwmUIx+b6jzblKt/FAssFOw6VVpi+nVrBWHDW4lhHiCu37VYS15Vtjw+JCPbAe30MOquhXn1CnEnoV8mDoDGTeMpvpP4BTTgsLmloXfv8/+TjNYfzSWivvXjY1K0P/KGqoEJfIyYDyuxi7t2qJ/CwdvBTJkF/cTX6yvX6IvijKuUco2aIgpoZfg4JR6VL7Gk3Cvf3YBvnvG8TspBOfO3ZhwTS6vfQeDLs6kf+gBtXduJTqAXuy8X8B4RZxsNGZZD8hsSVH6xP5akN6waGqG+xDQxKTT7FCpmi0igvvANRROF3+KxGigPTrIqa33WDglrD6tUfUKNUW/SuZXXjbrgo0lillsXj6i7esSLfgH9CjUfeVUW/mI7mvW+0xjV/eeZtxRnz3ADGgfObV0XakEFBDhDnXtmdN7RN+Q+UvtN0uYGYWYqnIPNewm5RYwVGtGNWOB42PdaKH0qRUdWvCAbsKflPxW5pJNZlejhoMm+3+j2UlrY59dGqTVPoXkWgIGxFkubrtN06zAhVEV6/PcCZoGJmZsPWIfiY5k/BZljtZLAa1e2cboD/0q8iX0VzyRSmuKzVYMa6/NTU3PQ8l2x5fQRRq5OR33P2N36Wb6cO7GB9mEKAElTnd8oLlJ3T27EBctdNf8gOBIYWtGo+lYtKeh/NJm5o7KGIdjhThi7Lrbyqaxb294yxydmrJBh64dws+f3IhUQBLz+6lk5PM7EtrBCGuN7PqdqQMHqWMcCvDCHxY5X/U4zrWMAClEifJfC0b+3HthLkBHb388nGMo2ymHq683s0PxmmY0lfpncUEGHu+1J5E3w2BEy5Qv83x0RQDoDFab5lxILo6VSmZru+Kj18yeqNiNw/CzHaMvID7Gio1jaq3DsuD4bA9ne5Je5yAK8INrYRDCSzMfQpc2QqE306tonmsu37EKGHTCOaaqfL8/f31nqZcdKAdidM4JBa+osYYVUCp50Nn8h94dczpjvC+M2hEQXbibUSwyPjDv7ptwfZSEPG1mjbrOEpRSbzh3lGbE5q9K7bNyt0aJRi2gOw/shU5rPxmJ5KoL0HUEc74pZRG+Csa3ZKruqYqOEezgZmVwo0E3NQD8u/y/oF/L8hgKj2jcRmJS/pKbr2Tv+Sde1ZYdZjsXW6tFRjPDZGyhjHBriPLikN097kmuPFWS3f4ZFPyHM/Az2uzPPBFGv7VchUbFScIDgBIq+fYnTPtjjST7FgsDxpzTkj8uliU9z7r0dTIawC8qSUYErsFYSvUITySWTam0R04yitaArcH5fLEhEeKKMjGUVkwwxGxfv9Fql6Zs1YSCKka9aynXDUmw6igbRJVIPtmEosrmFUzlX1OEiJrX5xWOVAv3wQ2vrxvwHlmOMtr/cQagvASds2kC4QJ4qSwc8YdpLAwrn4+h7uNP/QChAOVCiGQXpFqd5ab/LBc6Gc/1Zxilil1kecMFBc/XmVssw72XSVoXVJPlIyiSYOAtm1BGQHJXRspP06/M+/5ffaHoEevqB47kf6bE8c3F9SwksgwGtaqXdFBoKSQcret8Tww9C8ZwDji8v/woVu2COXWaF2HLg3r3vrXa+DVVz1ENtOmJEJYTCuLmdqpZsWv4olC2wcCUEA+po9kZbVcEAfKd0xe/0x2fzqQ==,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-22T09:30:43Z"
mac: ENC[AES256_GCM,data:YSSFYlfJT5kCAt7MkuPvR2HMUcodSo410Vn0yZDFcRXb0CoE2KRjbwdkB8BD5DiamdO6viiitlnqRo5gzJv0e0kDu80QEjyCcEImkMSffnufMbFfkQWUylbBGx6iFkDhnsD3iEcYfnaE/W4k5shPYVfOmEjpzMLKX5CcC46oBQY=,iv:CGtXUGTG8Ax8NCkFXXf2eSSvnMW2xEpqUS2Tttzd0RI=,tag:WwIXtMXCUqmiK55f21lUCw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

View File

@ -4,6 +4,7 @@ postgresql:
postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str] postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str]
postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str] postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str]
postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str] postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str]
postgresqlPostgresPassword: ENC[AES256_GCM,data:eAOXc+LouMdlfw==,iv:ePyDlj2wUkI7JoaUE38I7a/2mkaIL6iqN5QVp92FDN4=,tag:SE+BaOK5CZHT/Xowjov/CA==,type:str]
gitea: gitea:
admin: admin:
username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str]
@ -24,8 +25,8 @@ sops:
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-19T20:56:47Z" lastmodified: "2023-02-22T09:43:31Z"
mac: ENC[AES256_GCM,data:I4TVIsmcuFAvOCM9rjMHVAokmNzyAZJZ5tSNnWhLRk+WfOUQ8OMuJ0GlzE9EJxeIM2LMLU475EvKyMnrqmsFFsP7VE+t2yxG3kioAr5zDvaqqJ1OVrpKEGRH+EQrc96vc5bv5v94kqU6uQRdxm+q/or+rMm7Gf0P4vifaQPxBIo=,iv:ujv0Vlh71isP/gG3B96M8f1vA13jAjn7pnrezAqTSVY=,tag:N8I29R21DYvby7t03i5nbA==,type:str] mac: ENC[AES256_GCM,data:CsAwzOnU31crz6+rQjwutDUtZK5Qq9EQHWNYAnmVFhy3fWYT4+9eLK2gSjq+kVZD9QC/vH31Kf1QEKMKu9Kol8TuDZN+UEEuuixQNqi2hcPbMV43HVOFdFOR475jLbkUo2S09Bs6b4i5f7NbpxCuy/am4K0p4K4839cRyN8pADI=,iv:w6tpLCM/FbyMgZpjXF5MVB4/UcBUvOUYzMa9hln4poc=,tag:SMpnEtR2l4H6VRqJPT7Frg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

View File

@ -0,0 +1,148 @@
controller:
resources:
limits:
memory: 512Mi
cpu: 200m
requests:
cpu: 100m
memory: 512Mi
metrics:
enabled: false
applicationLabels:
enabled: false
labels: []
service:
annotations: {}
labels: {}
servicePort: 8082
portName: http-metrics
serviceMonitor:
enabled: false
interval: 30s
relabelings: []
metricRelabelings: []
selector: {}
scheme: ""
tlsConfig: {}
additionalLabels: {}
rules:
enabled: false
spec: []
dex:
metrics:
enabled: false
serviceMonitor:
enabled: false
redis:
metrics:
enabled: false
serviceMonitor:
enabled: false
server:
metrics:
enabled: false
serviceMonitor:
enabled: false
rbacConfig:
policy.default: role:readonly
scopes: "[email, group]"
policy.csv: |
g, allanger@zohomail.com, role:admin
g, rodion.n.rodionov@gmail.com, role:admin
config:
exec.enabled: "true"
url: https://argo.badhouseplants.net
kustomize.buildOptions: "--enable-alpha-plugins"
extraArgs:
- --insecure
repoServer:
metrics:
enabled: true
serviceMonitor:
enabled: false
imagePullSecrets:
- name: regcred
volumes:
- emptyDir: {}
name: cmp-tmp
- name: custom-tools
emptyDir: {}
- name: helm-plugins
emptyDir: {}
env:
- name: HELM_PLUGINS
value: /helm-plugins
- name: install-ksops
image: viaductoss/ksops:v3.0.2
command: ["/bin/sh", "-c"]
args:
- echo "Installing KSOPS...";
mv ksops /custom-tools/;
mv $GOPATH/bin/kustomize /custom-tools/;
echo "Done.";
volumeMounts:
- mountPath: /custom-tools
name: custom-tools
- name: install-helm-secrets
image: alpine:latest
command: [sh, -ec]
env:
- name: HELM_SECRETS_VERSION
value: "3.12.0"
- name: KUBECTL_VERSION
value: "1.24.3"
- name: VALS_VERSION
value: "0.18.0"
- name: SOPS_VERSION
value: "3.7.3"
args:
- |
mkdir -p /custom-tools/helm-plugins
wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-;
wget -qO /custom-tools/sops https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux
wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
wget -qO- https://github.com/variantdev/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals;
chmod +x /custom-tools/*
volumeMounts:
- mountPath: /custom-tools
name: custom-tools
volumeMounts:
- mountPath: /usr/local/bin/kustomize
name: custom-tools
subPath: kustomize
- mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops
name: custom-tools
subPath: ksops
- mountPath: /helm-plugins
name: helm-plugins
configs:
credentialTemplates:
ssh-creds:
url: git@github.com
applicationSet:
metrics:
enabled: false
serviceMonitor:
enabled: false
repositories:
argo-deployment:
url: git@github.com:allanger/argo-deployment.git
name: argo-deployment
insecure: "true"
type: git
cluster-config:
url: git@github.com:allanger/cluster-config.git
name: cluster-config
insecure: "true"
type: git

View File

@ -51,6 +51,15 @@ templates:
version: 1.4.0 version: 1.4.0
inherit: inherit:
- template: default-env-values - template: default-env-values
argocd: &argocd
name: argocd
chart: argo/argo-cd
version: 5.20.2
inherit:
- template: crd-management-hook
- template: default-env-values
- template: default-env-secrets
# ---------------------------- # ----------------------------
# -- Istio # -- Istio
# ---------------------------- # ----------------------------

View File

@ -22,3 +22,6 @@ repositories:
url: https://dl.gitea.io/charts/ url: https://dl.gitea.io/charts/
- name: ananace-charts - name: ananace-charts
url: https://ananace.gitlab.io/charts url: https://ananace.gitlab.io/charts
- name: argo
url: https://argoproj.github.io/argo-helm