
Commit a098230

1 parent 43310f1 commit a098230

6 files changed

Lines changed: 403 additions & 708 deletions

File tree

README.md

Lines changed: 115 additions & 75 deletions
@@ -1,9 +1,8 @@
11
# 🚀 Talos ArgoCD Proxmox Cluster
2-
=========================
32

43
> Modern GitOps deployment structure using Talos OS, ArgoCD, and Cilium, with Proxmox virtualization
54
6-
A GitOps-driven Kubernetes cluster using **Talos OS** (secure, immutable Linux for K8s), ArgoCD, and Cilium, with integrated Cloudflare Tunnel for secure external access. Built for both home lab and small production environments.
5+
A GitOps-driven Kubernetes cluster using **Talos OS** (secure, immutable Linux for K8s), ArgoCD, and Cilium, with integrated Cloudflare Tunnel for secure external access. Built for both home lab and production environments using **enterprise-grade GitOps patterns**.
76

87
## 📋 Table of Contents
98

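Review bot: the rewritten intro sentence (line `5+`) replaces "small production environments" with "production environments using **enterprise-grade GitOps patterns**", but nothing in this hunk says what those patterns are, so the claim is not checkable from the README itself; either keep the original "small production" scoping or link the phrase to the section that defines it. Dropping the `=========================` setext underline is correct, since the `#` heading already carries the title and the extra underline rendered as a second, empty heading.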
@@ -15,9 +14,8 @@ A GitOps-driven Kubernetes cluster using **Talos OS** (secure, immutable Linux f
1514
- [3. Boot & Bootstrap Talos Nodes](#3-boot--bootstrap-talos-nodes)
1615
- [4. Apply Machine Configs](#4-apply-machine-configs)
1716
- [5. Install Gateway API CRDs](#5-install-gateway-api-crds)
18-
- [6. Install ArgoCD & All Apps](#6-install-argocd--all-apps)
17+
- [6. Bootstrap ArgoCD (One Command)](#6-bootstrap-argocd-one-command)
1918
- [7. Configure Secret Management](#7-configure-secret-management)
20-
- [8. Final Deployment](#8-final-deployment)
2119
- [Verification](#-verification)
2220
- [Documentation](#-documentation)
2321
- [Hardware Stack](#-hardware-stack)
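Review bot: removing the `- [8. Final Deployment](#8-final-deployment)` entry is a fix rather than a loss: in the hunk at old line 173, step 7's code block is followed directly by `### Key Deployment Features` and then `## 🛡️ Talos-Specific Notes`, so the old TOC pointed at a heading that did not exist. The new anchor `#6-bootstrap-argocd-one-command` matches GitHub's slug for `### 6. Bootstrap ArgoCD (One Command)`, so the renamed entry still resolves.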
@@ -40,54 +38,64 @@ A GitOps-driven Kubernetes cluster using **Talos OS** (secure, immutable Linux f
4038
```mermaid
4139
graph TD;
4240
subgraph "Git Repository"
43-
Root["root-appset.yaml<br/>(path: infrastructure/root-appset.yaml)"]
41+
Bootstrap["argocd-app.yaml<br/>(Bootstrap Application)"]
4442
45-
DirInfra["infrastructure/*/*<br/>(e.g., controllers/argocd)"]
46-
DirMon["monitoring/*<br/>(e.g., loki-stack)"]
47-
DirApps["my-apps/*/*<br/>(e.g., media/plex)"]
43+
InfraAppSet["infrastructure/root-appset.yaml<br/>(Infrastructure ApplicationSet)"]
44+
MonAppSet["monitoring/monitoring-components-appset.yaml<br/>(Monitoring ApplicationSet)"]
45+
AppsAppSet["my-apps/myapplications-appset.yaml<br/>(Applications ApplicationSet)"]
46+
47+
InfraDirs["infrastructure/*/*<br/>(e.g., controllers/argocd)"]
48+
MonDirs["monitoring/*/*<br/>(e.g., prometheus-stack)"]
49+
AppDirs["my-apps/*/*<br/>(e.g., media/plex)"]
4850
49-
Root -- "scans path" --> DirInfra
50-
Root -- "scans path" --> DirMon
51-
Root -- "scans path" --> DirApps
51+
InfraAppSet -- "scans" --> InfraDirs
52+
MonAppSet -- "scans" --> MonDirs
53+
AppsAppSet -- "scans" --> AppDirs
5254
end
5355
54-
subgraph "Argo CD"
55-
Argo["Argo CD Controller"] -- "Syncs" --> Root;
56+
subgraph "ArgoCD Self-Management"
57+
ArgoCD["ArgoCD Controller"] -- "Deploys itself via" --> Bootstrap
58+
59+
subgraph "Self-Managed ApplicationSets"
60+
InfraAS["Infrastructure ApplicationSet"]
61+
MonAS["Monitoring ApplicationSet"]
62+
AppsAS["Applications ApplicationSet"]
63+
end
64+
65+
Bootstrap -- "Creates & Manages" --> InfraAS
66+
Bootstrap -- "Creates & Manages" --> MonAS
67+
Bootstrap -- "Creates & Manages" --> AppsAS
5668
5769
subgraph "Generated Applications"
58-
App1["App: controllers-argocd"]
59-
App2["App: database-redis"]
60-
App3["App: monitoring-loki-stack"]
61-
App4["App: media-plex"]
62-
AppEtc["... and so on"]
70+
InfraApps["infra-argocd<br/>infra-cilium<br/>infra-longhorn<br/>..."]
71+
MonApps["monitoring-prometheus-stack<br/>monitoring-loki-stack<br/>..."]
72+
UserApps["media-plex<br/>ai-ollama<br/>home-frigate<br/>..."]
6373
end
6474
65-
Argo -- "Generates from Template" --> App1
66-
Argo -- "Generates from Template" --> App2
67-
Argo -- "Generates from Template" --> App3
68-
Argo -- "Generates from Template" --> App4
75+
InfraAS -- "Generates" --> InfraApps
76+
MonAS -- "Generates" --> MonApps
77+
AppsAS -- "Generates" --> UserApps
6978
end
7079
7180
subgraph "Kubernetes Cluster"
72-
Res1["Argo CD Pods & CRDs"]
73-
Res2["Redis Pods & Services"]
74-
Res3["Loki Pods & Services"]
75-
Res4["Plex Pod & Ingress"]
81+
InfraRes["Infrastructure Resources<br/>(ArgoCD, Cilium, Storage)"]
82+
MonRes["Monitoring Resources<br/>(Prometheus, Grafana, Loki)"]
83+
AppRes["Application Resources<br/>(Plex, Ollama, Frigate)"]
7684
end
7785
78-
App1 -- "syncs infrastructure/controllers/argocd" --> Res1;
79-
App2 -- "syncs infrastructure/database/redis" --> Res2;
80-
App3 -- "syncs monitoring/loki-stack" --> Res3;
81-
App4 -- "syncs my-apps/media/plex" --> Res4;
86+
InfraApps -- "deploys" --> InfraRes
87+
MonApps -- "deploys" --> MonRes
88+
UserApps -- "deploys" --> AppRes
8289
83-
style Root fill:#f9f,stroke:#333,stroke-width:2px;
84-
style Argo fill:#9cf,stroke:#333,stroke-width:2px
90+
style Bootstrap fill:#f9f,stroke:#333,stroke-width:2px
91+
style ArgoCD fill:#9cf,stroke:#333,stroke-width:2px
8592
```
8693

8794
### Key Features
88-
- **Three-Tier Architecture**: Separate infrastructure, monitoring, and applications
89-
- **Sync Waves**: Controlled deployment order via ArgoCD
90-
- **Declarative GitOps**: All cluster state managed in Git
95+
- **Enterprise GitOps Pattern**: Three separate ApplicationSets for clear separation of concerns
96+
- **Self-Managing ArgoCD**: ArgoCD manages its own installation, upgrades, and ApplicationSets
97+
- **Simple Directory Discovery**: No complex patterns - easy to understand and maintain
98+
- **Production Ready**: Proper error handling, retries, and monitoring integration
9199
- **GPU Integration**: Full NVIDIA GPU support via Talos system extensions and GPU Operator
92100
- **Zero SSH**: All node management via Talosctl API
93101

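Review bot: the new `MonDirs["monitoring/*/*<br/>(e.g., prometheus-stack)"]` node (line `48+`) disagrees with the file tree added later in this commit, which places `prometheus-stack/` and `loki-stack/` directly under `monitoring/`, one level deep, exactly as the old `monitoring/*` node had it. If `monitoring-components-appset.yaml` really uses a two-level glob it will not match those directories and the monitoring stack silently never deploys; if it uses one level, the diagram is wrong. Align the diagram, the tree and the ApplicationSet on one depth. Separately, the Key Features list trades the concrete "Sync Waves: Controlled deployment order via ArgoCD" bullet for "Production Ready: Proper error handling, retries, and monitoring integration"; if sync waves still bring Cilium and storage up before the apps, keep the sync-wave bullet, because it is what tells an operator what to expect when an early wave fails.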
@@ -136,17 +144,22 @@ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/downloa
136144
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/experimental-install.yaml
137145
```
138146

139-
### 6. Install ArgoCD & All Apps
140-
With the CRDs in place, we can bootstrap Argo CD and deploy the entire cluster with a single command.
141-
142-
This `Application` manifest tells Argo CD how to manage its own installation. Once running, Argo CD will automatically sync the `root-appset.yaml` located in the `infrastructure` directory. This `ApplicationSet` will then discover and deploy every other component and application in the repository.
147+
### 6. Bootstrap ArgoCD (One Command)
148+
Deploy the self-managing ArgoCD bootstrap application. This will:
149+
1. **Install ArgoCD itself** using Helm
150+
2. **Create all three ApplicationSets** (infrastructure, monitoring, applications)
151+
3. **Automatically discover and deploy** all components and applications
143152

144153
```bash
145-
# Apply the Argo CD application. It will self-manage and deploy everything else.
154+
# Single command to deploy everything - ArgoCD will manage itself from here
146155
kubectl apply -f infrastructure/argocd-app.yaml
147156
```
148157

149-
From this point on, every component of your cluster is managed via Git. Any changes pushed to the `main` branch will be automatically synced by Argo CD.
158+
**That's it!** ArgoCD will now:
159+
- Manage its own installation and upgrades
160+
- Deploy all infrastructure components (Cilium, storage, etc.)
161+
- Deploy monitoring stack (Prometheus, Grafana, Loki)
162+
- Deploy all applications (media, AI, home automation, etc.)
150163

151164
### 7. Configure Secret Management
152165
```bash
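Review bot: the single `kubectl apply -f infrastructure/argocd-app.yaml` is described as step 1 "Install ArgoCD itself using Helm", but an `Application` object can only be applied once the ArgoCD CRDs exist on the cluster, and by step 6 only the Gateway API CRDs from step 5 have been installed. Either `argocd-app.yaml` bundles the CRDs and an initial controller alongside the Application (say so in the list), or the step needs the one-time install that has to come first; otherwise a fresh cluster rejects the apply because the `Application` kind is unknown. Also, the removed sentence about the `main` branch was the only place the README stated which branch the cluster tracks; since a push to that branch now rolls out cluster-wide with no further approval, that statement, plus a pointer to protecting the branch, is worth keeping under "That's it!".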
@@ -173,12 +186,6 @@ kubectl create secret generic 1passwordconnect \
173186
--namespace external-secrets
174187
```
175188

176-
### Key Deployment Features
177-
- Three-tier architecture separating infrastructure, monitoring, and applications
178-
- Sync waves ensure proper deployment order
179-
- Simple directory patterns without complex include/exclude logic
180-
- All components managed through just three top-level ApplicationSets
181-
182189
## 🛡️ Talos-Specific Notes
183190
- **No SSH**: All management via `talosctl` API
184191
- **Immutable OS**: No package manager, no shell
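Review bot: deleting `### Key Deployment Features` also deletes the only remaining mention of "Sync waves ensure proper deployment order" (the Key Features list earlier in this commit drops its sync-wave bullet too). If the ApplicationSets still rely on sync-wave annotations to order infrastructure before monitoring before apps, that sentence should survive somewhere, since it explains why a failed infrastructure sync blocks everything behind it. The other three bullets are genuinely redundant with the new "Enterprise GitOps Features" section and can go.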
@@ -196,9 +203,14 @@ talosctl health --nodes <node-ip>
196203
kubectl get pods -A
197204
cilium status
198205

199-
# Check ArgoCD
200-
kubectl get application -A
201-
kubectl get pods -n argocd
206+
# Check ArgoCD self-management
207+
kubectl get applications -n argocd
208+
kubectl get applicationsets -n argocd
209+
210+
# Check generated applications
211+
kubectl get applications -n argocd -l type=infrastructure
212+
kubectl get applications -n argocd -l type=monitoring
213+
kubectl get applications -n argocd -l type=application
202214

203215
# Check secrets
204216
kubectl get pods -n 1passwordconnect
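Review bot: the three `kubectl get applications -n argocd -l type=...` lines assume every generated Application carries a `type` label with the values `infrastructure`, `monitoring` and `application`; nothing in this README shows the ApplicationSet templates setting such a label, and `kubectl get` with a non-matching selector just prints "No resources found", which reads as a healthy-but-empty cluster rather than as a wrong selector. Either show the `labels:` block of the templates next to these commands or select on the name prefixes the diagram already uses (`infra-`, `monitoring-`) so the check cannot pass vacuously.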
@@ -208,7 +220,7 @@ kubectl get externalsecret -A
208220
## 📋 Documentation
209221
- **[View Documentation Online](https://mitchross.github.io/k3s-argocd-proxmox)** - Full documentation website
210222
- **[Local Documentation](docs/)** - Browse documentation in the repository:
211-
- [ArgoCD Setup](docs/argocd.md)
223+
- [ArgoCD Setup](docs/argocd.md) - **Enterprise GitOps patterns and self-management**
212224
- [Network Configuration](docs/network.md)
213225
- [Storage Configuration](docs/storage.md)
214226
- [Security Setup](docs/security.md)
@@ -249,37 +261,53 @@ While this setup uses a single node, you can add worker nodes for additional com
249261

250262
```
251263
.
252-
├── infrastructure/ # Infrastructure components
253-
│ ├── controllers/ # Kubernetes controllers
254-
│ │ └── argocd/ # ArgoCD configuration and projects
255-
│ ├── networking/ # Network configurations
256-
│ ├── storage/ # Storage configurations
257-
│ └── root-appset.yaml # Main infrastructure ApplicationSet
258-
├── monitoring/ # Monitoring components
259-
│ ├── loki-stack/ # Loki logging stack
260-
│ └── prometheus-stack/ # Prometheus monitoring stack
261-
├── my-apps/ # User applications
262-
│ ├── ai/ # AI-related applications
263-
│ ├── media/ # Media applications
264-
│ ├── development/ # Development tools
265-
│ ├── home/ # Home automation apps
266-
│ └── privacy/ # Privacy-focused applications
267-
├── docs/ # Documentation
268-
│ ├── argocd.md # ArgoCD setup and workflow
269-
│ ├── network.md # Network configuration
270-
│ ├── security.md # Security setup
271-
│ ├── storage.md # Storage configuration
272-
│ └── external-services.md # External services setup
264+
├── infrastructure/ # Infrastructure ApplicationSet
265+
│ ├── controllers/ # ArgoCD, External Secrets, etc.
266+
│ │ └── argocd/ # ArgoCD self-management configuration
267+
│ ├── networking/ # Cilium, Gateway API, etc.
268+
│ ├── storage/ # Longhorn, CSI drivers, etc.
269+
│ ├── database/ # PostgreSQL, Redis operators
270+
│ ├── projects.yaml # ArgoCD projects
271+
│ └── root-appset.yaml # Infrastructure ApplicationSet
272+
├── monitoring/ # Monitoring ApplicationSet
273+
│ ├── prometheus-stack/ # Prometheus, Grafana, AlertManager
274+
│ ├── loki-stack/ # Loki, Promtail
275+
│ └── monitoring-components-appset.yaml
276+
├── my-apps/ # Applications ApplicationSet
277+
│ ├── ai/ # AI tools (Ollama, ComfyUI, etc.)
278+
│ ├── media/ # Media servers (Plex, Jellyfin, etc.)
279+
│ ├── home/ # Home automation (Frigate, HA, etc.)
280+
│ ├── development/ # Dev tools (Headlamp, IT-Tools, etc.)
281+
│ ├── privacy/ # Privacy tools (SearXNG, ProxiTok, etc.)
282+
│ └── myapplications-appset.yaml
283+
└── docs/ # Documentation
284+
├── argocd.md # Enterprise GitOps setup
285+
├── network.md # Network configuration
286+
├── security.md # Security setup
287+
├── storage.md # Storage configuration
288+
└── external-services.md # External services setup
273289
```
274290

291+
## ✅ Enterprise GitOps Features
292+
293+
This setup implements **production-grade patterns** used in enterprise environments:
294+
295+
1. **Self-Managing Infrastructure**: ArgoCD manages its own lifecycle
296+
2. **Clear Separation of Concerns**: Three distinct ApplicationSets
297+
3. **Simple Directory Discovery**: Easy for developers to add applications
298+
4. **Automated Operations**: Zero-touch deployments after bootstrap
299+
5. **Production Monitoring**: Full observability stack
300+
6. **Proper RBAC**: Project-based access controls
301+
275302
## 🔍 Troubleshooting
276303

277304
| Issue Type | Troubleshooting Steps |
278305
|------------|----------------------|
279306
| **Talos Node Issues** |`talosctl health`<br>• Check Talos logs: `talosctl logs -n <node-ip> -k` |
307+
| **ArgoCD Self-Management** |`kubectl get application argocd -n argocd`<br>• Check ApplicationSet status<br>• Review ArgoCD logs |
308+
| **ApplicationSet Issues** |`kubectl get applicationsets -n argocd`<br>• Check directory patterns<br>• Verify Git connectivity |
280309
| **Network Issues** | • Check Cilium status<br>• Verify Gateway API<br>• Test DNS resolution |
281310
| **Storage Issues** | • Verify PV binding<br>• Check Longhorn/Local PV logs<br>• Validate node affinity |
282-
| **ArgoCD Issues** | • Check application sync status<br>• Review application logs |
283311
| **Secrets Issues** | • Check External Secrets Operator logs<br>• Verify 1Password Connect status |
284312
| **GPU Issues** | • Check GPU node labels<br>• Verify NVIDIA Operator pods<br>• Check `nvidia-smi` on GPU nodes |
285313

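Review bot: the new troubleshooting row runs `kubectl get application argocd -n argocd`, which assumes the bootstrap Application in `infrastructure/argocd-app.yaml` is named `argocd`, while the diagram names the generated one `infra-argocd`; state which object has which name, or the command fails with NotFound on the very cluster it is meant to debug. The two new rows also copy the formatting slip of the Talos row (no `• ` before the first item, unlike every other row). In the feature list, "6. **Proper RBAC**: Project-based access controls" overstates what `projects.yaml` provides: an AppProject limits which repos, destination namespaces and resource kinds an Application may deploy, a useful blast-radius boundary, but user and team access is a separate ArgoCD RBAC policy, and the "Taking to Production" section later in this commit still lists "Add proper RBAC" as to-do. Calling this bullet "AppProject boundaries" would be accurate.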
@@ -297,11 +325,23 @@ kubectl delete applications --all -n argocd
297325
kubectl get applicationsets -n argocd -o name | xargs -I{} kubectl patch {} -n argocd --type json -p '[{"op": "remove","path": "/metadata/finalizers"}]'
298326
kubectl delete applicationsets --all -n argocd
299327

300-
# Only then apply the new structure in order
328+
# Bootstrap with the new enterprise pattern
301329
kubectl apply -f infrastructure/argocd-app.yaml
302-
kubectl apply -f infrastructure/root-appset.yaml
303330
```
304331

332+
## 🚀 Taking to Production
333+
334+
This homelab setup translates directly to enterprise environments:
335+
336+
1. **Replace Git repo** with your organization's repository
337+
2. **Add proper RBAC** for team-based access
338+
3. **Configure notifications** for Slack/Teams integration
339+
4. **Add policy enforcement** with tools like OPA Gatekeeper
340+
5. **Implement proper secrets management** with External Secrets or Vault
341+
6. **Add multi-cluster support** with ArgoCD ApplicationSets
342+
343+
The patterns and structure remain the same - this is **production-grade GitOps**.
344+
305345
## 🤝 Contributing
306346

307347
1. Fork the repository
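Review bot: item 5, "Implement proper secrets management with External Secrets or Vault", contradicts step 7 of this same README, which already configures External Secrets with 1Password Connect; reword it as swapping the 1Password Connect backend for the organization's secret store, or readers will conclude the homelab ships without secrets management. Item 2 ("Add proper RBAC") likewise contradicts the "Proper RBAC" feature bullet added earlier in this commit; keep one or the other. On the migration block: dropping the explicit `kubectl apply -f infrastructure/root-appset.yaml` is consistent with the bootstrap Application now creating the ApplicationSets, but the preceding `kubectl delete applications --all -n argocd` runs before it, and only the ApplicationSet finalizer patch is visible here; if the Applications still carry their resources finalizer, deleting them cascades to the workloads they manage, so confirm the Application finalizers are stripped first or warn that this path is destructive.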

0 commit comments

Comments
 (0)