You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the CRDs in place, we can now bootstrap Argo CD. This is a two-step process.
163
+
164
+
**First, we deploy Argo CD itself.** This `Application` manifest tells Argo CD how to manage its own installation and upgrades directly from this Git repository. This is the "app of apps" pattern.
**Second, we deploy the root ApplicationSet.** This `ApplicationSet` automatically discovers and deploys all the other ApplicationSets in this repository (for infrastructure, monitoring, etc.), creating a fully GitOps-driven deployment.
# Apply the root ApplicationSet. This will deploy everything else.
175
+
kubectl apply -f infrastructure/root-appset.yaml
172
176
```
173
177
178
+
From this point on, every component of your cluster is managed via Git. Any changes pushed to the `main` branch will be automatically synced by Argo CD.
ArgoCD->>Cluster: Syncs all applications based on waves
50
47
```
51
48
52
49
## 📦 Installation Steps
53
50
51
+
The entire cluster bootstrap process is now handled by a two-step apply process. These are the only manual commands needed after setting up Talos and the base kubeconfig.
52
+
54
53
### 1. Install Gateway API CRDs
54
+
This is a prerequisite for Cilium's Gateway API integration.
# Apply the Argo CD application. It will self-manage from this point on.
65
+
kubectl apply -f infrastructure/argocd-app.yaml
62
66
```
63
67
64
-
### 3. Wait for ArgoCD to be ready
68
+
Second, deploy the `root-appset`. This single `ApplicationSet` discovers all other `ApplicationSet` manifests in the repository and deploys them automatically, respecting their defined sync waves.
# Apply the root ApplicationSet. This will deploy everything else.
72
+
kubectl apply -f infrastructure/root-appset.yaml
69
73
```
70
74
75
+
After these two commands, the entire cluster state is managed via Git. No further `kubectl apply` commands are needed for deployment.
76
+
71
77
## 🔧 Project Setup
72
78
73
79
ArgoCD projects define permissions and boundaries for applications. Our cluster uses four main projects:
@@ -77,9 +83,11 @@ ArgoCD projects define permissions and boundaries for applications. Our cluster
77
83
-**applications**: User workloads (media, AI, dev, privacy, etc.)
78
84
-**ai**: Specialized AI/ML workloads
79
85
86
+
These `AppProject` resources are defined in `infrastructure/controllers/argocd/projects.yaml` and are deployed automatically as part of the main `argocd` application.
87
+
80
88
## 📱 ApplicationSet Management
81
89
82
-
We use three main ApplicationSets to manage our deployments:
90
+
We use three main ApplicationSets to manage our deployments, which are discovered and applied automatically by the `root-appset`.
83
91
84
92
### 1. Infrastructure ApplicationSet
85
93
Located at `infrastructure/infrastructure-components-appset.yaml`, this ApplicationSet manages infrastructure components like Cilium, Longhorn, Cert-Manager, and other core services. **All storage (Longhorn, local PVs, StorageClasses) is managed declaratively here.**
@@ -90,20 +98,6 @@ Located at `monitoring/monitoring-components-appset.yaml`, this ApplicationSet m
90
98
### 3. Applications ApplicationSet
91
99
Located at `my-apps/myapplications-appset.yaml`, this ApplicationSet manages user applications like media servers, AI applications, and other user-facing services.
All components described in this document (Cilium, CoreDNS, Gateways, Cloudflare Tunnel) are deployed declaratively as part of the `infrastructure` ApplicationSet. There are no manual `helm` or `kubectl` commands required to deploy them. Their manifests are located in `infrastructure/networking/` and are automatically synced by Argo CD.
This project uses a two-file bootstrap model located in the `/infrastructure` directory, followed by a set of tier-specific ApplicationSets that are discovered automatically.
51
+
52
+
### Bootstrap Files
53
+
-**`infrastructure/argocd-app.yaml`**: This is an Argo CD `Application` that manages Argo CD itself. It points to `infrastructure/controllers/argocd` to deploy the Helm chart and all its configurations, including the `AppProject` definitions. This is the "app of apps" pattern.
54
+
-**`infrastructure/root-appset.yaml`**: This is an `ApplicationSet` that acts as the "appset of appsets". It automatically discovers and deploys all `*appset.yaml` files within the repository, effectively deploying all three tiers of the architecture.
This document outlines the process for upgrading Argo CD to version 3.0, including key changes, rollback procedures, and updated configurations.
4
+
5
+
## Upgrade Process
6
+
7
+
The upgrade is managed through GitOps by updating the Helm chart version in `infrastructure/controllers/argocd/kustomization.yaml`.
8
+
9
+
1.**Update Helm Chart**: The `version` in `kustomization.yaml` was updated to `8.1.1`, which corresponds to Argo CD application version `v3.0.6`.
10
+
2.**Apply Manifests**: The changes were applied by committing the updated files to the Git repository, which Argo CD then automatically syncs.
11
+
12
+
## Key Changes and Resolutions
13
+
14
+
### 1. RBAC Permissions
15
+
16
+
-**Change**: Argo CD v3.0 requires more explicit RBAC permissions. The `*` wildcard is no longer sufficient for many resources.
17
+
-**Resolution**: The `projects.yaml` file was updated to define more granular permissions for the `infrastructure`, `monitoring`, and `my-apps` projects. Wildcards were replaced with specific resource groups and kinds where possible. A `troubleshooting` role was added to the `monitoring` and `my-apps` projects to allow `exec` into pods.
18
+
19
+
### 2. Resource Tracking
20
+
21
+
-**Change**: The default resource tracking method is now `annotation`.
22
+
-**Resolution**: The `application.resourceTrackingMethod` in `values.yaml` is set to `annotation+label` to ensure backward compatibility with existing resources.
23
+
24
+
### 3. Insecure Server
25
+
26
+
-**Change**: The `server.insecure: true` flag was previously used.
27
+
-**Resolution**: This was initially going to be replaced with a TLS certificate, but per your request, we are continuing to use an insecure connection for now.
28
+
29
+
## Rollback Procedure
30
+
31
+
To roll back the upgrade, revert the changes in the Git repository. Specifically:
32
+
33
+
1. Revert the `version` in `infrastructure/controllers/argocd/kustomization.yaml` to the previous version.
34
+
2. Revert the changes to `infrastructure/controllers/argocd/values.yaml` and `infrastructure/controllers/argocd/projects.yaml`.
35
+
3. Commit and push the changes to the Git repository. Argo CD will automatically sync and roll back to the previous version.
0 commit comments