mirror of
https://github.com/amkartashov/gf-k8s.git
synced 2026-01-10 17:39:43 +00:00
3.3 KiB
3.3 KiB
GitOps repository for kubernetes cluster
Applications&Projects
| Application | Description | Status |
|---|---|---|
default, umbrella app-of-apps |
||
| System | System app of apps | |
| Apps | Main app of apps | |
system, cluster system apps |
||
| ArgoCD | GitOps tool for Kubernetes | |
| Cilium | Cluster CNI plugin | |
| Nginx Ingress Controller | Ingress Controller | |
| Cert Manager | Certificate Management | |
apps, user level applications |
Cluster initialization
Single node cluster.
OS: Debian 11
Cluster created with kubeadm https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
ArgoCD bootstrap
-
Create ssh key for argocd, f.e.
ssh-keygen -f .ssh/argocd.ioot.xyz -
Add pub key .ssh/argocd.ioot.xyz.pub to https://github.com/amkartashov/gf-k8s/settings/keys/new
-
Run bootstrap script
scripts/bootstrap.sh -k gullfaxi -e gullfaxi -
Add git repo:
argocd login --grpc-web argocd.ioot.xyz argocd repo add git@github.com:amkartashov/gf-k8s --ssh-private-key-path ~/.ssh/argocd.ioot.xyz -
Create new Oauth application https://github.com/settings/applications/new:
- Application name: argocd.ioot.xyz
- Homepage URL: https://argocd.ioot.xyz/
- Authorization callback URL: https://argocd.ioot.xyz/api/dex/callback
- Update dex client id and secret:
kubectl --context gullfaxi -n argocd patch secret argocd-secret \ --patch='{"stringData": { "dex.github.clientId": "REPLACE", "dex.github.clientSecret": "REPLACE" }}'
-
Remove secret
kubectl --context gullfaxi -n argocd delete secret argocd-initial-admin-secret.
Passing Sensitive Parameters in ArgoCD apps
Used methods:
- manually creating K8s secrets (f.e. this way is used to configure repo secret in argocd)
- manually updating K8s secrets (f.e. this way is used to configure GitHub Oauth App client secret)
- modifying helm parameters in application