
Commit 43310f1

committed
up
1 parent 31569e0 commit 43310f1

3 files changed

Lines changed: 106 additions & 139 deletions

File tree

README.md

Lines changed: 46 additions & 77 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ A GitOps-driven Kubernetes cluster using **Talos OS** (secure, immutable Linux f
1515
- [3. Boot & Bootstrap Talos Nodes](#3-boot--bootstrap-talos-nodes)
1616
- [4. Apply Machine Configs](#4-apply-machine-configs)
1717
- [5. Install Gateway API CRDs](#5-install-gateway-api-crds)
18-
- [6. Install ArgoCD](#6-install-argocd)
18+
- [6. Install ArgoCD & All Apps](#6-install-argocd--all-apps)
1919
- [7. Configure Secret Management](#7-configure-secret-management)
2020
- [8. Final Deployment](#8-final-deployment)
2121
- [Verification](#-verification)
@@ -38,72 +38,50 @@ A GitOps-driven Kubernetes cluster using **Talos OS** (secure, immutable Linux f
3838
## 🏗️ Architecture
3939

4040
```mermaid
41-
graph TD
42-
subgraph "Argo CD Projects"
43-
IP[Infrastructure Project] --> IAS[Infrastructure ApplicationSet]
44-
MP[Monitoring Project] --> MAS[Monitoring ApplicationSet]
45-
AP[Applications Project] --> AAS[Applications ApplicationSet]
46-
AIP[AI Project] --> AIAS[AI ApplicationSet]
47-
end
48-
49-
subgraph "Infrastructure Components"
50-
IAS --> N[Networking]
51-
IAS --> S[Storage]
52-
IAS --> C[Controllers]
53-
IAS --> DB[Database]
54-
55-
N --> Cilium
56-
N --> Cloudflared
57-
N --> Gateway
58-
59-
S --> Longhorn
60-
S --> VolumeSnapshots
61-
62-
C --> CertManager
63-
C --> ExternalSecrets
41+
graph TD;
42+
subgraph "Git Repository"
43+
Root["root-appset.yaml<br/>(path: infrastructure/root-appset.yaml)"]
6444
65-
DB --> CloudNativePG
66-
end
67-
68-
subgraph "Monitoring Stack"
69-
MAS --> Prometheus
70-
MAS --> Grafana
71-
MAS --> AlertManager
72-
MAS --> Loki
45+
DirInfra["infrastructure/*/*<br/>(e.g., controllers/argocd)"]
46+
DirMon["monitoring/*<br/>(e.g., loki-stack)"]
47+
DirApps["my-apps/*/*<br/>(e.g., media/plex)"]
48+
49+
Root -- "scans path" --> DirInfra
50+
Root -- "scans path" --> DirMon
51+
Root -- "scans path" --> DirApps
7352
end
74-
75-
subgraph "User Applications"
76-
AAS --> Home[Home Apps]
77-
AAS --> Media[Media Apps]
78-
AAS --> Dev[Dev Tools]
79-
AAS --> Privacy[Privacy Apps]
80-
81-
Home --> Frigate
82-
Home --> WyzeBridge
83-
84-
Media --> Plex
85-
Media --> Jellyfin
86-
87-
Dev --> Kafka
88-
Dev --> Temporal
53+
54+
subgraph "Argo CD"
55+
Argo["Argo CD Controller"] -- "Syncs" --> Root;
8956
90-
Privacy --> SearXNG
91-
Privacy --> LibReddit
57+
subgraph "Generated Applications"
58+
App1["App: controllers-argocd"]
59+
App2["App: database-redis"]
60+
App3["App: monitoring-loki-stack"]
61+
App4["App: media-plex"]
62+
AppEtc["... and so on"]
63+
end
64+
65+
Argo -- "Generates from Template" --> App1
66+
Argo -- "Generates from Template" --> App2
67+
Argo -- "Generates from Template" --> App3
68+
Argo -- "Generates from Template" --> App4
9269
end
9370
94-
subgraph "AI Applications"
95-
AIAS --> Ollama
96-
AIAS --> ComfyUI
71+
subgraph "Kubernetes Cluster"
72+
Res1["Argo CD Pods & CRDs"]
73+
Res2["Redis Pods & Services"]
74+
Res3["Loki Pods & Services"]
75+
Res4["Plex Pod & Ingress"]
9776
end
9877
99-
style IP fill:#f9f,stroke:#333,stroke-width:2px
100-
style AP fill:#f9f,stroke:#333,stroke-width:2px
101-
style MP fill:#f9f,stroke:#333,stroke-width:2px
102-
style AIP fill:#f9f,stroke:#333,stroke-width:2px
103-
style IAS fill:#bbf,stroke:#333,stroke-width:2px
104-
style MAS fill:#bbf,stroke:#333,stroke-width:2px
105-
style AAS fill:#bbf,stroke:#333,stroke-width:2px
106-
style AIAS fill:#bbf,stroke:#333,stroke-width:2px
78+
App1 -- "syncs infrastructure/controllers/argocd" --> Res1;
79+
App2 -- "syncs infrastructure/database/redis" --> Res2;
80+
App3 -- "syncs monitoring/loki-stack" --> Res3;
81+
App4 -- "syncs my-apps/media/plex" --> Res4;
82+
83+
style Root fill:#f9f,stroke:#333,stroke-width:2px;
84+
style Argo fill:#9cf,stroke:#333,stroke-width:2px
10785
```
10886

10987
### Key Features
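Review bot: `AppEtc["... and so on"]` in the "Generated Applications" subgraph is declared but never given an edge, so it renders as a detached node; either drop it or connect it like the others (`Argo -- "Generates from Template" --> AppEtc`). The diagram also shows the root ApplicationSet generating `App: controllers-argocd` for `infrastructure/controllers/argocd`, which is the same path the bootstrap `argocd-app.yaml` manages, so two Applications will claim the Argo CD resources; say in the README which one owns them, or exclude that directory from the generator, otherwise Argo CD reports shared-resource warnings and the two can disagree about pruning. Minor: `style Argo fill:#9cf,...` is the only statement in the block without the trailing `;`.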
@@ -158,23 +136,16 @@ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/downloa
158136
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/experimental-install.yaml
159137
```
160138

161-
### 6. Install ArgoCD
162-
With the CRDs in place, we can now bootstrap Argo CD. This is a two-step process.
139+
### 6. Install ArgoCD & All Apps
140+
With the CRDs in place, we can bootstrap Argo CD and deploy the entire cluster with a single command.
163141

164-
**First, we deploy Argo CD itself.** This `Application` manifest tells Argo CD how to manage its own installation and upgrades directly from this Git repository. This is the "app of apps" pattern.
142+
This `Application` manifest tells Argo CD how to manage its own installation. Once running, Argo CD will automatically sync the `root-appset.yaml` located in the `infrastructure` directory. This `ApplicationSet` will then discover and deploy every other component and application in the repository.
165143

166144
```bash
167-
# Apply the Argo CD application. It will self-manage from this point on.
145+
# Apply the Argo CD application. It will self-manage and deploy everything else.
168146
kubectl apply -f infrastructure/argocd-app.yaml
169147
```
170148

171-
**Second, we deploy the root ApplicationSet.** This `ApplicationSet` automatically discovers and deploys all the other ApplicationSets in this repository (for infrastructure, monitoring, etc.), creating a fully GitOps-driven deployment.
172-
173-
```bash
174-
# Apply the root ApplicationSet. This will deploy everything else.
175-
kubectl apply -f infrastructure/root-appset.yaml
176-
```
177-
178149
From this point on, every component of your cluster is managed via Git. Any changes pushed to the `main` branch will be automatically synced by Argo CD.
179150

180151
### 7. Configure Secret Management
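Review bot: the sentence "Argo CD will automatically sync the `root-appset.yaml` located in the `infrastructure` directory" leaves out why that happens: it works only because the `argocd` kustomization in this commit lists `../../root-appset.yaml` as a resource. State that in one clause here, because this README is the only bootstrap instruction and a reader who trims that kustomization later will silently lose the whole cluster deployment. Since the second `kubectl apply` was the point where an operator used to notice a failed bootstrap, a one-line check after the single apply (for example `kubectl get applicationsets,applications -n argocd`, assuming the usual `argocd` namespace) would keep that feedback.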
@@ -283,18 +254,16 @@ While this setup uses a single node, you can add worker nodes for additional com
283254
│ │ └── argocd/ # ArgoCD configuration and projects
284255
│ ├── networking/ # Network configurations
285256
│ ├── storage/ # Storage configurations
286-
│ └── infrastructure-components-appset.yaml # Main infrastructure ApplicationSet
257+
│ └── root-appset.yaml # Main infrastructure ApplicationSet
287258
├── monitoring/ # Monitoring components
288-
│ ├── k8s-monitoring/ # Kubernetes monitoring stack
289-
│ └── monitoring-components-appset.yaml # Main monitoring ApplicationSet
259+
│ ├── loki-stack/ # Loki logging stack
260+
│ └── prometheus-stack/ # Prometheus monitoring stack
290261
├── my-apps/ # User applications
291262
│ ├── ai/ # AI-related applications
292263
│ ├── media/ # Media applications
293264
│ ├── development/ # Development tools
294-
│ ├── external/ # External service integrations
295265
│ ├── home/ # Home automation apps
296-
│ ├── privacy/ # Privacy-focused applications
297-
│ └── myapplications-appset.yaml # Main applications ApplicationSet
266+
│ └── privacy/ # Privacy-focused applications
298267
├── docs/ # Documentation
299268
│ ├── argocd.md # ArgoCD setup and workflow
300269
│ ├── network.md # Network configuration
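Review bot: the comment on `root-appset.yaml` still reads `# Main infrastructure ApplicationSet`, but this file now generates Applications for `monitoring/` and `my-apps/` as well; rename it to something like `# Root ApplicationSet (all components and apps)`. The tree also omits `infrastructure/projects.yaml`, which docs/argocd.md in this same commit says is where the `AppProject` resources now live and which the argocd kustomization references; list it next to `root-appset.yaml` so the tree matches the kustomization.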

docs/argocd.md

Lines changed: 58 additions & 61 deletions
@@ -2,53 +2,62 @@
22

33
This guide details the setup and configuration of ArgoCD, which serves as the GitOps engine for our **Talos-based Kubernetes cluster**.
44

5-
## 📋 Overview
5+
## 📋 Overview & Deployment Flow
66

7-
```mermaid
8-
graph TD
9-
A[Talos Cluster] -->|Install| B[ArgoCD]
10-
B -->|Create| C[AppProjects]
11-
C -->|Deploy| D[ApplicationSets]
12-
D -->|Generate| E[Applications]
13-
E -->|Sync| F[Resources]
14-
subgraph "Three-Tier Architecture"
15-
G[Infrastructure Tier]
16-
H[Monitoring Tier]
17-
I[Applications Tier]
18-
end
19-
D --> G
20-
D --> H
21-
D --> I
22-
```
7+
The cluster's GitOps process is managed by a single, root `ApplicationSet` that implements the **App of Apps** pattern. This `ApplicationSet` is responsible for discovering and managing all other applications, including infrastructure, monitoring, and user-facing apps. This centralized approach simplifies management and ensures the entire cluster state is declared in one place.
238

24-
## 🔄 Deployment Flow
9+
The new deployment flow is as follows:
2510

2611
```mermaid
27-
sequenceDiagram
28-
participant User
29-
participant Cluster
30-
participant ArgoCD
31-
32-
User->>Cluster: 1. Apply Self-Managed ArgoCD App
33-
Note over User,Cluster: kubectl apply -f infrastructure/argocd-app.yaml
34-
Cluster->>ArgoCD: Creates ArgoCD Application
35-
ArgoCD->>ArgoCD: Self-manages and installs/upgrades itself
12+
graph TD;
13+
subgraph "Git Repository"
14+
Root["root-appset.yaml<br/>(path: infrastructure/root-appset.yaml)"]
15+
16+
DirInfra["infrastructure/*/*<br/>(e.g., controllers/argocd)"]
17+
DirMon["monitoring/*<br/>(e.g., loki-stack)"]
18+
DirApps["my-apps/*/*<br/>(e.g., media/plex)"]
19+
20+
Root -- "scans path" --> DirInfra
21+
Root -- "scans path" --> DirMon
22+
Root -- "scans path" --> DirApps
23+
end
3624
37-
User->>Cluster: 2. Apply Root ApplicationSet
38-
Note over User,Cluster: kubectl apply -f infrastructure/root-appset.yaml
39-
Cluster->>ArgoCD: Creates Root ApplicationSet
40-
41-
ArgoCD->>ArgoCD: Discovers all *appset.yaml files
42-
ArgoCD->>Cluster: Creates Infrastructure ApplicationSet
43-
ArgoCD->>Cluster: Creates Monitoring ApplicationSet
44-
ArgoCD->>Cluster: Creates Applications ApplicationSet
25+
subgraph "Argo CD"
26+
Argo["Argo CD Controller"] -- "Syncs" --> Root;
27+
28+
subgraph "Generated Applications"
29+
App1["App: controllers-argocd"]
30+
App2["App: database-redis"]
31+
App3["App: monitoring-loki-stack"]
32+
App4["App: media-plex"]
33+
AppEtc["... and so on"]
34+
end
35+
36+
Argo -- "Generates from Template" --> App1
37+
Argo -- "Generates from Template" --> App2
38+
Argo -- "Generates from Template" --> App3
39+
Argo -- "Generates from Template" --> App4
40+
end
4541
46-
ArgoCD->>Cluster: Syncs all applications based on waves
42+
subgraph "Kubernetes Cluster"
43+
Res1["Argo CD Pods & CRDs"]
44+
Res2["Redis Pods & Services"]
45+
Res3["Loki Pods & Services"]
46+
Res4["Plex Pod & Ingress"]
47+
end
48+
49+
App1 -- "syncs infrastructure/controllers/argocd" --> Res1;
50+
App2 -- "syncs infrastructure/database/redis" --> Res2;
51+
App3 -- "syncs monitoring/loki-stack" --> Res3;
52+
App4 -- "syncs my-apps/media/plex" --> Res4;
53+
54+
style Root fill:#f9f,stroke:#333,stroke-width:2px;
55+
style Argo fill:#9cf,stroke:#333,stroke-width:2px;
4756
```
4857

4958
## 📦 Installation Steps
5059

51-
The entire cluster bootstrap process is now handled by a two-step apply process. These are the only manual commands needed after setting up Talos and the base kubeconfig.
60+
The entire cluster bootstrap process is now handled by a single `Application` manifest. This is the only manual command needed after setting up Talos and the base kubeconfig.
5261

5362
### 1. Install Gateway API CRDs
5463
This is a prerequisite for Cilium's Gateway API integration.
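Review bot: "The new deployment flow is as follows:" dates the document; "new" is meaningless to a reader a few months from now, so make it "The deployment flow is as follows:". The mermaid block is a verbatim copy of the one added to README.md in this commit (the two already differ in the trailing `;` on `style Argo`), so they will drift; keep one canonical diagram and link to it from the other file. As in the README copy, `AppEtc` has no edge and renders detached.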
@@ -57,46 +66,34 @@ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/downloa
5766
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/experimental-install.yaml
5867
```
5968

60-
### 2. Bootstrap Argo CD and Deploy All Applications
61-
First, deploy the self-managing Argo CD `Application`. This uses the "app of apps" pattern to make Argo CD manage its own installation and upgrades.
62-
63-
```bash
64-
# Apply the Argo CD application. It will self-manage from this point on.
65-
kubectl apply -f infrastructure/argocd-app.yaml
66-
```
69+
### 2. Bootstrap Argo CD and Deploy Everything
70+
Deploy the self-managing Argo CD `Application`. This uses the "app of apps" pattern to make Argo CD manage its own installation and upgrades. The `Application` points to the `infrastructure/controllers/argocd` directory, which contains the Argo CD Helm chart configuration.
6771

68-
Second, deploy the `root-appset`. This single `ApplicationSet` discovers all other `ApplicationSet` manifests in the repository and deploys them automatically, respecting their defined sync waves.
72+
Once Argo CD is running, it will automatically sync the `root-appset.yaml` from the `infrastructure` directory, which will then discover and deploy all other applications.
6973

7074
```bash
71-
# Apply the root ApplicationSet. This will deploy everything else.
72-
kubectl apply -f infrastructure/root-appset.yaml
75+
# Apply the Argo CD application. It will self-manage and deploy everything else from this point on.
76+
kubectl apply -f infrastructure/argocd-app.yaml
7377
```
74-
75-
After these two commands, the entire cluster state is managed via Git. No further `kubectl apply` commands are needed for deployment.
78+
After this command, the entire cluster state is managed via Git. No further `kubectl apply` commands are needed for deployment.
7679

7780
## 🔧 Project Setup
7881

79-
ArgoCD projects define permissions and boundaries for applications. Our cluster uses four main projects:
82+
ArgoCD projects define permissions and boundaries for applications. Our cluster uses three main projects, which are automatically assigned by the root `ApplicationSet`:
8083

8184
- **infrastructure**: Cilium, Longhorn, Cert-Manager, External Secrets, etc.
8285
- **monitoring**: Prometheus, Grafana, Loki, Alertmanager, etc.
83-
- **applications**: User workloads (media, AI, dev, privacy, etc.)
84-
- **ai**: Specialized AI/ML workloads
86+
- **my-apps**: All user workloads (media, AI, dev, privacy, etc.)
8587

86-
These `AppProject` resources are defined in `infrastructure/controllers/argocd/projects.yaml` and are deployed automatically as part of the main `argocd` application.
88+
These `AppProject` resources are defined in `infrastructure/projects.yaml` and are deployed automatically as part of the `infrastructure-controllers-argocd` application.
8789

8890
## 📱 ApplicationSet Management
8991

90-
We use three main ApplicationSets to manage our deployments, which are discovered and applied automatically by the `root-appset`.
91-
92-
### 1. Infrastructure ApplicationSet
93-
Located at `infrastructure/infrastructure-components-appset.yaml`, this ApplicationSet manages infrastructure components like Cilium, Longhorn, Cert-Manager, and other core services. **All storage (Longhorn, local PVs, StorageClasses) is managed declaratively here.**
92+
Management is now centralized in a single root `ApplicationSet` located at `infrastructure/root-appset.yaml`.
9493

95-
### 2. Monitoring ApplicationSet
96-
Located at `monitoring/monitoring-components-appset.yaml`, this ApplicationSet manages monitoring components like Prometheus, Grafana, Loki, and other observability tools.
94+
This `ApplicationSet` uses a `directories` generator to scan the repository for all individual application and component directories. For each directory found, it generates a unique Argo CD `Application` resource with the correct settings, including the `kustomize-build-with-helm` plugin to handle any combination of manifests.
9795

98-
### 3. Applications ApplicationSet
99-
Located at `my-apps/myapplications-appset.yaml`, this ApplicationSet manages user applications like media servers, AI applications, and other user-facing services.
96+
This new model eliminates nested `ApplicationSet` resources and provides a flat, easy-to-understand list of applications in the Argo CD UI.
10097

10198
## 📂 Repository Structure
10299

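Review bot: application naming is inconsistent within the hunk: the prose says the projects are deployed "as part of the `infrastructure-controllers-argocd` application", while the diagram above names the same generated Application `controllers-argocd` (alongside `database-redis`, `monitoring-loki-stack`, `media-plex`); use the form the template actually produces in both places. The claim that projects are "automatically assigned by the root `ApplicationSet`" should say how the assignment is derived, because that mapping is now the only thing deciding which `AppProject` (and so which `sourceRepos`/`destinations` limits) a directory falls under; a directory added at the wrong depth or under the wrong top-level folder would otherwise inherit another project's permissions without anyone noticing. The `kustomize-build-with-helm` plugin mention should also say where it is configured, since the bootstrap `Application` must already be able to use it before anything else syncs.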
infrastructure/controllers/argocd/kustomization.yaml

Lines changed: 2 additions & 1 deletion
@@ -2,8 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
22
kind: Kustomization
33
resources:
44
- ns.yaml
5+
- ../../root-appset.yaml
6+
- ../../projects.yaml
57
- http-route.yaml
6-
- projects.yaml
78
helmCharts:
89
- name: argo-cd
910
repo: https://argoproj.github.io/argo-helm
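Review bot: `- ../../root-appset.yaml` and `- ../../projects.yaml` reference plain files above the kustomization root; under kustomize's default `LoadRestrictionsRootOnly` such file resources are refused ("file is not in or below" the root), so this only builds if the `kustomize-build-with-helm` plugin invokes kustomize with `--load-restrictor LoadRestrictionsNone`. Verify with a local `kustomize build infrastructure/controllers/argocd` and document the requirement, or keep the two files in this directory (where `projects.yaml` already was) or wrap them in a directory with its own kustomization. Separately, pulling the root ApplicationSet into the Argo CD app means the generated `controllers-argocd` Application will also manage the ApplicationSet that generated it and the AppProjects it depends on; either exclude this path from the generator or add `argocd.argoproj.io/sync-wave` annotations so the `AppProject` resources exist before generated Applications reference them and no two Applications own the same objects.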
