-[Talosctl](https://www.talos.dev/v1.10/introduction/getting-started/) and [Talhelper](https://github.com/budimanjojo/talhelper) installed
27
-
-`kubectl` installed locally
28
-
-`cloudflared` installed locally
30
+
-`kubectl`, `kustomize`, `sops` installed locally
29
31
30
32
## 🏗️ Architecture
31
33
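Review bot: the prerequisite list now adds `sops` alongside `kubectl` and `kustomize`, but nothing in this hunk says what `sops` is used for or where its decryption key is expected to live, so a reader cannot tell whether it is needed for bootstrap at all; add a one-line pointer next to `-`kubectl`, `kustomize`, `sops` installed locally` (the `.sops.yaml` location or the section that decrypts with it). The same hunk silently drops Talosctl/Talhelper and `cloudflared` from the prerequisites; if the node-management and external-access steps that depended on them are gone, say so in the commit message, and if they are still required later in the README, keep them listed.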
@@ -93,155 +95,137 @@ graph TD;
93
95
-**GPU Integration**: Full NVIDIA GPU support via Talos system extensions and GPU Operator
94
96
-**Zero SSH**: All node management via Talosctl API
95
97
96
-
## 🏗️ GitOps Architecture
97
-
98
-
This repository implements a **production-grade GitOps workflow** using a multi-tiered ApplicationSet pattern. This separates concerns, simplifies management, and provides a clear, scalable structure.
99
-
100
-
### Self-Managing ArgoCD
101
-
102
-
The process starts with a single command to install ArgoCD's components and CRDs. Then, a single `Application` resource (`infrastructure/argocd-app.yaml`) is applied, which configures ArgoCD to manage its own installation and upgrades directly from this Git repository. This is the core of the **self-healing infrastructure** pattern.
103
-
104
-
### Three-Tier ApplicationSets
105
-
106
-
The cluster is organized into three distinct `ApplicationSet` resources, each responsible for a different layer of the stack. This provides clear separation of concerns and access control.
|**Infrastructure**|`infrastructure/`| Core Services | Manages essential components like ArgoCD, Cilium, storage, and other operators. |
111
-
|**Monitoring**|`monitoring/`| Observability | Deploys the full monitoring stack, including Prometheus, Grafana, and Loki. |
112
-
|**Applications**|`my-apps/`| User Workloads | Manages all end-user applications, such as Plex, Ollama, and Home Assistant. |
113
-
114
-
Each `ApplicationSet` automatically discovers new applications when a new directory is added to its designated path (e.g., adding `my-apps/new-app/` will automatically create a new ArgoCD application).
115
-
116
-
### Directory Structure
117
-
118
-
The repository's structure directly maps to the ApplicationSet strategy, making it intuitive to manage.
This cluster uses [1Password Connect](https://developer.1password.com/docs/connect) and [External Secrets Operator](https://external-secrets.io/) to manage secrets.
154
+
155
+
1.**Generate 1Password Connect Credentials**: Follow the [1Password documentation](https://developer.1password.com/docs/connect/get-started#step-2-deploy-the-1password-connect-server) to generate your `1password-credentials.json` file and your access token.
156
+
157
+
2.**Create Namespaces**:
158
+
```bash
159
+
kubectl create namespace 1passwordconnect
160
+
kubectl create namespace external-secrets
161
+
```
162
+
163
+
3. **Create Kubernetes Secrets**:
164
+
```bash
165
+
# IMPORTANT: Place your generated `1password-credentials.json` in the root of this repository first.
This cluster uses a **proven GitOps bootstrap pattern** that ensures stability and avoids common race conditions. The process is carefully ordered:
170
+
# Replace YOUR_CONNECT_TOKEN with your actual token
171
+
export CONNECT_TOKEN="YOUR_CONNECT_TOKEN"
186
172
187
-
1.**Install CRDs First**: We use `kustomize` to apply the base ArgoCD Helm chart, which safely installs the necessary Custom Resource Definitions (CRDs) into the cluster.
188
-
2.**Bootstrap Self-Management**: With the CRDs in place, we apply the `projects.yaml` and the root `argocd-app.yaml`. This tells the running ArgoCD instance to take over its own management from Git.
189
-
3.**Deploy ApplicationSets**: Once ArgoCD is self-managing, we deploy the three ApplicationSets, which then automatically discover and deploy all other applications and components.
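Review bot: the added secrets steps tell the reader to put `1password-credentials.json` in the repository root and to paste the Connect token into `export CONNECT_TOKEN="YOUR_CONNECT_TOKEN"`, which makes it easy to commit the credentials file or leave the token in shell history; add `1password-credentials.json` to `.gitignore` in the same change and suggest reading the token from a prompt or a file outside the repo (`read -s CONNECT_TOKEN`) rather than inlining it. Separately, the hunk removes the ordered bootstrap steps `1.**Install CRDs First**`, `2.**Bootstrap Self-Management**` and `3.**Deploy ApplicationSets**` while the introductory sentence "The process is carefully ordered:" survives, so the section now announces an order that is no longer described; either keep the three steps or rewrite the intro.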