Commit 929cfb7

committed
try new argo
1 parent 39cb965 commit 929cfb7

10 files changed

Lines changed: 203 additions & 134 deletions

README.md

Lines changed: 15 additions & 29 deletions
Original file line number | Diff line number | Diff line change
@@ -159,18 +159,24 @@ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/downloa
159159
```
160160

161161
### 6. Install ArgoCD
162+
With the CRDs in place, we can now bootstrap Argo CD. This is a two-step process.
163+
164+
**First, we deploy Argo CD itself.** This `Application` manifest tells Argo CD how to manage its own installation and upgrades directly from this Git repository. This is the "app of apps" pattern.
165+
162166
```bash
163-
# Install ArgoCD with custom configuration
164-
kubectl kustomize --enable-helm infrastructure/controllers/argocd | kubectl apply -f -
167+
# Apply the Argo CD application. It will self-manage from this point on.
168+
kubectl apply -f infrastructure/argocd-app.yaml
169+
```
165170

166-
# Wait for ArgoCD to be ready
167-
kubectl wait --for=condition=available deployment -l app.kubernetes.io/name=argocd-server -n argocd --timeout=300s
171+
**Second, we deploy the root ApplicationSet.** This `ApplicationSet` automatically discovers and deploys all the other ApplicationSets in this repository (for infrastructure, monitoring, etc.), creating a fully GitOps-driven deployment.
168172

169-
# Wait for CRDs to be established
170-
kubectl wait --for=condition=established crd/applications.argoproj.io --timeout=60s
171-
kubectl wait --for=condition=established crd/appprojects.argoproj.io --timeout=60s
173+
```bash
174+
# Apply the root ApplicationSet. This will deploy everything else.
175+
kubectl apply -f infrastructure/root-appset.yaml
172176
```
173177

178+
From this point on, every component of your cluster is managed via Git. Any changes pushed to the `main` branch will be automatically synced by Argo CD.
179+
174180
### 7. Configure Secret Management
175181
```bash
176182
# Create required namespaces
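Review bot: In step 6, `kubectl apply -f infrastructure/argocd-app.yaml` submits an `Application` resource, but this hunk removes the only visible command that installed Argo CD (`kubectl kustomize --enable-helm infrastructure/controllers/argocd | kubectl apply -f -`) together with the `kubectl wait --for=condition=established crd/applications.argoproj.io` check. Nothing shown in this diff installs the `applications.argoproj.io` CRD or a controller beforehand, so on a fresh cluster the apply is rejected as an unknown kind and there is nothing to reconcile it. Keep a one-time install and the CRD wait ahead of the `Application` apply, and describe the `Application` as taking over management afterwards. The closing sentence also says changes pushed to `main` are synced, while the manifests added in this commit track `HEAD`; use one of the two consistently.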
@@ -196,24 +202,6 @@ kubectl create secret generic 1passwordconnect \
196202
--namespace external-secrets
197203
```
198204

199-
### 8. Final Deployment
200-
201-
Deploy the three-tier structure in order:
202-
203-
```bash
204-
# 1. First apply the ArgoCD projects
205-
kubectl apply -f infrastructure/controllers/argocd/projects.yaml -n argocd
206-
207-
# 2. Apply infrastructure components (sync wave -2 ensures they run first)
208-
kubectl apply -f infrastructure/infrastructure-components-appset.yaml -n argocd
209-
210-
# 3. Apply monitoring components (sync wave 0)
211-
kubectl apply -f monitoring/monitoring-components-appset.yaml -n argocd
212-
213-
# 4. Finally, apply user applications (sync wave 1 ensures they run last)
214-
kubectl apply -f my-apps/myapplications-appset.yaml -n argocd
215-
```
216-
217205
### Key Deployment Features
218206
- Three-tier architecture separating infrastructure, monitoring, and applications
219207
- Sync waves ensure proper deployment order
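Review bot: Removing section 8 drops the explicit `kubectl apply -f infrastructure/controllers/argocd/projects.yaml -n argocd` that ran before any ApplicationSet, and the README gives no replacement for that ordering. Per `docs/argocd.md` the AppProjects are now delivered by the `argocd` Application, so the README should tell the reader to confirm that Application is Synced and Healthy before applying the root ApplicationSet; otherwise the tier Applications can be generated against projects that do not exist yet.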
@@ -341,10 +329,8 @@ kubectl get applicationsets -n argocd -o name | xargs -I{} kubectl patch {} -n a
341329
kubectl delete applicationsets --all -n argocd
342330

343331
# Only then apply the new structure in order
344-
kubectl apply -f infrastructure/controllers/argocd/projects.yaml -n argocd
345-
kubectl apply -f infrastructure/infrastructure-components-appset.yaml -n argocd
346-
kubectl apply -f monitoring/monitoring-components-appset.yaml -n argocd
347-
kubectl apply -f my-apps/myapplications-appset.yaml -n argocd
332+
kubectl apply -f infrastructure/argocd-app.yaml
333+
kubectl apply -f infrastructure/root-appset.yaml
348334
```
349335

350336
## 🤝 Contributing
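Review bot: The recovery block now applies `infrastructure/root-appset.yaml`, but the root ApplicationSet shown in this commit is added at `bootstrap/root-appset.yaml`. If no copy exists under `infrastructure/`, this command fails with a file-not-found error right after `kubectl delete applicationsets --all -n argocd` has removed the existing ApplicationSets, leaving the cluster with none. Point this block, step 6, `docs/argocd.md` and the `docs/structure.md` tree at one location.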

bootstrap/root-appset.yaml

Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
apiVersion: argoproj.io/v1alpha1
2+
kind: ApplicationSet
3+
metadata:
4+
name: root-applicationset
5+
namespace: argocd
6+
spec:
7+
generators:
8+
- git:
9+
repoURL: https://github.com/mitch-ross/k3s-argocd-proxmox.git
10+
revision: HEAD
11+
# Find all ApplicationSet files in the repository.
12+
files:
13+
- path: "**/*appset.yaml"
14+
template:
15+
metadata:
16+
name: '{{path.basename}}-app'
17+
namespace: argocd
18+
spec:
19+
project: default
20+
source:
21+
repoURL: https://github.com/mitch-ross/k3s-argocd-proxmox.git
22+
targetRevision: HEAD
23+
path: '{{path}}'
24+
destination:
25+
server: https://kubernetes.default.svc
26+
namespace: argocd
27+
syncPolicy:
28+
automated:
29+
prune: true
30+
selfHeal: true
31+
syncOptions:
32+
- CreateNamespace=true
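Review bot: The generator glob on line 13, `**/*appset.yaml`, also matches this file itself (`bootstrap/root-appset.yaml`), so the root ApplicationSet generates an Application for its own directory. In a Git files generator `{{path}}` is the directory containing the matched file and `{{path.basename}}` is that directory's name, so the template yields Applications such as `infrastructure-app` that sync the whole directory rather than only the ApplicationSet file; for `infrastructure/` that includes `argocd-app.yaml`. List the three tier files explicitly or exclude the bootstrap files. Separately, line 19 places every generated Application in `project: default` with `prune` and `selfHeal` enabled, so any file matching the glob anywhere in the repository is applied to the `argocd` namespace outside the AppProject boundaries described in `docs/argocd.md`; a dedicated bootstrap project limited to this repository, the `argocd` namespace and the `ApplicationSet` kind would narrow that.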

docs/argocd.md

Lines changed: 36 additions & 42 deletions
@@ -26,48 +26,54 @@ graph TD
2626
```mermaid
2727
sequenceDiagram
2828
participant User
29-
participant ArgoCD
3029
participant Cluster
31-
User->>Cluster: Install Initial Components (Talos bootstrapping)
32-
Note over User,Cluster: talosctl bootstrap, apply configs
33-
User->>Cluster: Apply ArgoCD projects
34-
Note over User,Cluster: kubectl apply -f projects.yaml
35-
User->>Cluster: Apply Infrastructure ApplicationSet
36-
Note over User,Cluster: kubectl apply -f infrastructure-components-appset.yaml
37-
Cluster->>ArgoCD: Create Infrastructure Applications
38-
ArgoCD->>Cluster: Deploy Infrastructure Components (wave -2)
39-
Note over ArgoCD,Cluster: Cilium, Longhorn, Cert-Manager, etc.
40-
User->>Cluster: Apply Monitoring ApplicationSet
41-
Note over User,Cluster: kubectl apply -f monitoring-components-appset.yaml
42-
Cluster->>ArgoCD: Create Monitoring Applications
43-
ArgoCD->>Cluster: Deploy Monitoring Components (wave 0)
44-
Note over ArgoCD,Cluster: Prometheus, Grafana, Loki, etc.
45-
User->>Cluster: Apply Applications ApplicationSet
46-
Note over User,Cluster: kubectl apply -f myapplications-appset.yaml
47-
Cluster->>ArgoCD: Create User Applications
48-
ArgoCD->>Cluster: Deploy User Applications (wave 1)
49-
Note over ArgoCD,Cluster: Media apps, AI tools, etc.
30+
participant ArgoCD
31+
32+
User->>Cluster: 1. Apply Self-Managed ArgoCD App
33+
Note over User,Cluster: kubectl apply -f infrastructure/argocd-app.yaml
34+
Cluster->>ArgoCD: Creates ArgoCD Application
35+
ArgoCD->>ArgoCD: Self-manages and installs/upgrades itself
36+
37+
User->>Cluster: 2. Apply Root ApplicationSet
38+
Note over User,Cluster: kubectl apply -f infrastructure/root-appset.yaml
39+
Cluster->>ArgoCD: Creates Root ApplicationSet
40+
41+
ArgoCD->>ArgoCD: Discovers all *appset.yaml files
42+
ArgoCD->>Cluster: Creates Infrastructure ApplicationSet
43+
ArgoCD->>Cluster: Creates Monitoring ApplicationSet
44+
ArgoCD->>Cluster: Creates Applications ApplicationSet
45+
46+
ArgoCD->>Cluster: Syncs all applications based on waves
5047
```
5148

5249
## 📦 Installation Steps
5350

51+
The entire cluster bootstrap process is now handled by a two-step apply process. These are the only manual commands needed after setting up Talos and the base kubeconfig.
52+
5453
### 1. Install Gateway API CRDs
54+
This is a prerequisite for Cilium's Gateway API integration.
5555
```bash
56-
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/experimental-install.yaml
56+
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
57+
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/experimental-install.yaml
5758
```
5859

59-
### 2. Apply custom ArgoCD configuration
60+
### 2. Bootstrap Argo CD and Deploy All Applications
61+
First, deploy the self-managing Argo CD `Application`. This uses the "app of apps" pattern to make Argo CD manage its own installation and upgrades.
62+
6063
```bash
61-
kubectl kustomize --enable-helm infrastructure/controllers/argocd | kubectl apply -f -
64+
# Apply the Argo CD application. It will self-manage from this point on.
65+
kubectl apply -f infrastructure/argocd-app.yaml
6266
```
6367

64-
### 3. Wait for ArgoCD to be ready
68+
Second, deploy the `root-appset`. This single `ApplicationSet` discovers all other `ApplicationSet` manifests in the repository and deploys them automatically, respecting their defined sync waves.
69+
6570
```bash
66-
kubectl wait --for=condition=available deployment -l app.kubernetes.io/name=argocd-server -n argocd --timeout=300s
67-
kubectl wait --for=condition=established crd/applications.argoproj.io --timeout=60s
68-
kubectl wait --for=condition=established crd/appprojects.argoproj.io --timeout=60s
71+
# Apply the root ApplicationSet. This will deploy everything else.
72+
kubectl apply -f infrastructure/root-appset.yaml
6973
```
7074

75+
After these two commands, the entire cluster state is managed via Git. No further `kubectl apply` commands are needed for deployment.
76+
7177
## 🔧 Project Setup
7278

7379
ArgoCD projects define permissions and boundaries for applications. Our cluster uses four main projects:
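Review bot: The new diagram step `Syncs all applications based on waves` and the sentence that the root ApplicationSet deploys the tiers "respecting their defined sync waves" claim more than this design provides. Sync waves order resources inside a single Application's sync, while `root-appset.yaml` generates a separate Application per discovered file, so nothing orders infrastructure ahead of monitoring or user applications across those Applications. Either document the ordering as best effort with retries, or group the tier ApplicationSets under one parent Application so the wave annotations take effect. The statement "These are the only manual commands needed" also conflicts with README step 7, which still has the reader run `kubectl create secret generic 1passwordconnect` by hand.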
@@ -77,9 +83,11 @@ ArgoCD projects define permissions and boundaries for applications. Our cluster
7783
- **applications**: User workloads (media, AI, dev, privacy, etc.)
7884
- **ai**: Specialized AI/ML workloads
7985

86+
These `AppProject` resources are defined in `infrastructure/controllers/argocd/projects.yaml` and are deployed automatically as part of the main `argocd` application.
87+
8088
## 📱 ApplicationSet Management
8189

82-
We use three main ApplicationSets to manage our deployments:
90+
We use three main ApplicationSets to manage our deployments, which are discovered and applied automatically by the `root-appset`.
8391

8492
### 1. Infrastructure ApplicationSet
8593
Located at `infrastructure/infrastructure-components-appset.yaml`, this ApplicationSet manages infrastructure components like Cilium, Longhorn, Cert-Manager, and other core services. **All storage (Longhorn, local PVs, StorageClasses) is managed declaratively here.**
@@ -90,20 +98,6 @@ Located at `monitoring/monitoring-components-appset.yaml`, this ApplicationSet m
9098
### 3. Applications ApplicationSet
9199
Located at `my-apps/myapplications-appset.yaml`, this ApplicationSet manages user applications like media servers, AI applications, and other user-facing services.
92100

93-
## 🔢 Deployment Order
94-
Apply the resources in the following order:
95-
96-
1. Apply the projects first:
97-
```bash
98-
kubectl apply -f infrastructure/controllers/argocd/projects.yaml -n argocd
99-
```
100-
2. Apply the ApplicationSets in order:
101-
```bash
102-
kubectl apply -f infrastructure/infrastructure-components-appset.yaml -n argocd
103-
kubectl apply -f monitoring/monitoring-components-appset.yaml -n argocd
104-
kubectl apply -f my-apps/myapplications-appset.yaml -n argocd
105-
```
106-
107101
## 📂 Repository Structure
108102

109103
The repository follows a clean three-tier structure:

docs/network.md

Lines changed: 2 additions & 50 deletions
@@ -291,56 +291,8 @@ sequenceDiagram
291291
Pod->>External: Response (reverse path)
292292
```
293293

294-
## Setup Steps
295-
296-
### 1. Install Cilium (Infrastructure Tier)
297-
298-
Cilium is installed via Helm as part of the infrastructure tier:
299-
300-
```bash
301-
# Installing Cilium via Helm is handled automatically by the infrastructure ApplicationSet
302-
# The Helm chart is located at infrastructure/networking/cilium
303-
# You can view the values at infrastructure/networking/cilium/values.yaml
304-
305-
# To manually install Cilium:
306-
helm repo add cilium https://helm.cilium.io/
307-
helm install cilium cilium/cilium \
308-
--namespace kube-system \
309-
--set kubeProxyReplacement=strict \
310-
--set gatewayAPI.enabled=true \
311-
--set-string extraConfig.enable-gateway-api=true \
312-
--set ipam.mode=kubernetes
313-
314-
# Verify Cilium is running
315-
kubectl -n kube-system get pods -l k8s-app=cilium
316-
```
317-
318-
### 2. Configure CoreDNS
319-
```bash
320-
# Apply custom CoreDNS configuration
321-
kubectl apply -f infrastructure/networking/coredns/coredns-custom.yaml
322-
323-
# Restart CoreDNS to apply changes
324-
kubectl rollout restart -n kube-system deployment coredns
325-
```
326-
327-
### 3. Setup Gateways
328-
```bash
329-
# Create gateway namespace
330-
kubectl create namespace gateway-system
331-
332-
# Apply gateway configurations
333-
kubectl apply -f infrastructure/networking/gateway/
334-
```
335-
336-
### 4. Configure Cloudflare
337-
```bash
338-
# Add tunnel secrets (see external-services.md)
339-
kubectl apply -f infrastructure/networking/cloudflared/secrets.yaml
340-
341-
# Deploy cloudflared tunnel
342-
kubectl apply -f infrastructure/networking/cloudflared/deployment.yaml
343-
```
294+
## Declarative Setup
295+
All components described in this document (Cilium, CoreDNS, Gateways, Cloudflare Tunnel) are deployed declaratively as part of the `infrastructure` ApplicationSet. There are no manual `helm` or `kubectl` commands required to deploy them. Their manifests are located in `infrastructure/networking/` and are automatically synced by Argo CD.
344296

345297
## Validation
346298
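Review bot: The new "Declarative Setup" paragraph says everything under `infrastructure/networking/` is synced from Git, but the removed step 4 applied `infrastructure/networking/cloudflared/secrets.yaml` by hand to add the tunnel secrets. State how the Cloudflare tunnel credentials reach the cluster now (for example through the External Secrets setup the README configures), and confirm that `secrets.yaml` does not carry secret values in the repository that Argo CD syncs.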

docs/structure.md

Lines changed: 15 additions & 5 deletions
@@ -3,6 +3,8 @@
33
```plaintext
44
.
55
├── infrastructure/ # Infrastructure components
6+
│ ├── argocd-app.yaml # ArgoCD self-management Application
7+
│ ├── root-appset.yaml # Root ApplicationSet to deploy all tiers
68
│ ├── controllers/ # Kubernetes controllers
79
│ │ └── argocd/ # ArgoCD configuration and projects
810
│ ├── networking/ # Network configurations
@@ -39,25 +41,33 @@
3941
- Standardized application structure in each folder
4042

4143
3. **Simplified Management**
42-
- One ApplicationSet per tier
44+
- A root ApplicationSet deploys one ApplicationSet per tier
4345
- Clear separation of concerns
4446
- Controlled deployment order through sync waves
4547

46-
## ApplicationSet Organization
48+
## Bootstrap and ApplicationSet Organization
4749

48-
### `/infrastructure/infrastructure-components-appset.yaml`
50+
This project uses a two-file bootstrap model located in the `/infrastructure` directory, followed by a set of tier-specific ApplicationSets that are discovered automatically.
51+
52+
### Bootstrap Files
53+
- **`infrastructure/argocd-app.yaml`**: This is an Argo CD `Application` that manages Argo CD itself. It points to `infrastructure/controllers/argocd` to deploy the Helm chart and all its configurations, including the `AppProject` definitions. This is the "app of apps" pattern.
54+
- **`infrastructure/root-appset.yaml`**: This is an `ApplicationSet` that acts as the "appset of appsets". It automatically discovers and deploys all `*appset.yaml` files within the repository, effectively deploying all three tiers of the architecture.
55+
56+
### Tier ApplicationSets
57+
58+
#### `/infrastructure/infrastructure-components-appset.yaml`
4959
- Manages all infrastructure components
5060
- Uses infrastructure project
5161
- Deploys with negative sync wave (-2) to ensure it runs first
5262
- Pattern: `infrastructure/*/*`
5363

54-
### `/monitoring/monitoring-components-appset.yaml`
64+
#### `/monitoring/monitoring-components-appset.yaml`
5565
- Manages all monitoring components
5666
- Uses infrastructure project
5767
- Deploys with neutral sync wave (0)
5868
- Pattern: `monitoring/*/*`
5969

60-
### `/my-apps/myapplications-appset.yaml`
70+
#### `/my-apps/myapplications-appset.yaml`
6171
- Manages all user applications
6272
- Uses ai project (provides necessary permissions)
6373
- Deploys with positive sync wave (1) to ensure it runs last

iac/kustomize/argo-cd/README.md

Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
# Argo CD Upgrade to v3.0
2+
3+
This document outlines the process for upgrading Argo CD to version 3.0, including key changes, rollback procedures, and updated configurations.
4+
5+
## Upgrade Process
6+
7+
The upgrade is managed through GitOps by updating the Helm chart version in `infrastructure/controllers/argocd/kustomization.yaml`.
8+
9+
1. **Update Helm Chart**: The `version` in `kustomization.yaml` was updated to `8.1.1`, which corresponds to Argo CD application version `v3.0.6`.
10+
2. **Apply Manifests**: The changes were applied by committing the updated files to the Git repository, which Argo CD then automatically syncs.
11+
12+
## Key Changes and Resolutions
13+
14+
### 1. RBAC Permissions
15+
16+
- **Change**: Argo CD v3.0 requires more explicit RBAC permissions. The `*` wildcard is no longer sufficient for many resources.
17+
- **Resolution**: The `projects.yaml` file was updated to define more granular permissions for the `infrastructure`, `monitoring`, and `my-apps` projects. Wildcards were replaced with specific resource groups and kinds where possible. A `troubleshooting` role was added to the `monitoring` and `my-apps` projects to allow `exec` into pods.
18+
19+
### 2. Resource Tracking
20+
21+
- **Change**: The default resource tracking method is now `annotation`.
22+
- **Resolution**: The `application.resourceTrackingMethod` in `values.yaml` is set to `annotation+label` to ensure backward compatibility with existing resources.
23+
24+
### 3. Insecure Server
25+
26+
- **Change**: The `server.insecure: true` flag was previously used.
27+
- **Resolution**: This was initially going to be replaced with a TLS certificate, but per your request, we are continuing to use an insecure connection for now.
28+
29+
## Rollback Procedure
30+
31+
To roll back the upgrade, revert the changes in the Git repository. Specifically:
32+
33+
1. Revert the `version` in `infrastructure/controllers/argocd/kustomization.yaml` to the previous version.
34+
2. Revert the changes to `infrastructure/controllers/argocd/values.yaml` and `infrastructure/controllers/argocd/projects.yaml`.
35+
3. Commit and push the changes to the Git repository. Argo CD will automatically sync and roll back to the previous version.
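Review bot: Section 3 ("Insecure Server") records that `server.insecure: true` stays enabled and justifies it only with "per your request", which reads as chat output rather than documentation and gives the reader no actual rationale. State where TLS is terminated in front of the Argo CD server, or record the plaintext listener as a tracked follow-up with an owner. In section 1, the new `troubleshooting` role that allows `exec` into pods needs a line on which groups are bound to it, since exec gives shell access inside the workloads of the `monitoring` and `my-apps` projects. The file also sits under `iac/kustomize/argo-cd/` while every path it cites is under `infrastructure/controllers/argocd/`.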

infrastructure/argocd-app.yaml

Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
apiVersion: argoproj.io/v1alpha1
2+
kind: Application
3+
metadata:
4+
name: argocd
5+
namespace: argocd
6+
# Add a finalizer to prevent this application from being accidentally deleted.
7+
finalizers:
8+
- resources-finalizer.argocd.argoproj.io
9+
spec:
10+
# The 'default' project is used for managing Argo CD itself.
11+
# This project is created by default by Argo CD.
12+
project: default
13+
source:
14+
# IMPORTANT: Please verify this is the correct URL for your Git repository.
15+
repoURL: https://github.com/mitch-ross/k3s-argocd-proxmox.git
16+
path: infrastructure/controllers/argocd
17+
targetRevision: HEAD
18+
destination:
19+
# Deploy to the same cluster where Argo CD is running.
20+
server: https://kubernetes.default.svc
21+
namespace: argocd
22+
syncPolicy:
23+
automated:
24+
prune: true # Delete resources that are no longer defined in Git
25+
selfHeal: true # Automatically sync when the live state drifts from Git
26+
syncOptions:
27+
- CreateNamespace=true # Create the 'argocd' namespace if it doesn't exist
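Review bot: The comment on line 6 says the finalizer prevents accidental deletion, but `resources-finalizer.argocd.argoproj.io` does not protect the object: it makes deleting the Application cascade to every resource it manages, which here is the Argo CD installation itself. Correct the comment, and consider dropping the finalizer on this self-managing Application so that removing the object leaves Argo CD running. With `prune: true`, `selfHeal: true` and `targetRevision: HEAD`, every commit to the default branch can change the controller; pinning `targetRevision` to a tag or a protected branch would make upgrades deliberate. The "IMPORTANT: Please verify" comment on line 14 should be resolved before merge.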
