chore: mount vault CA for helm TLS trust and add ArgoCD self-management
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

- Patch argocd-repo-server to mount vault-ca-cert and set SSL_CERT_DIR
  so helm subprocesses trust the internal CA when pulling charts
- Add argocd Application pointing at clusters/au-syd1/bootstrap so
  ArgoCD manages its own install going forward
This commit is contained in:
2026-05-03 22:40:36 +10:00
parent 6fb98d66b0
commit 8d7c33a633
3 changed files with 51 additions and 0 deletions
@@ -0,0 +1,25 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-repo-server
namespace: argocd
spec:
template:
spec:
volumes:
- name: vault-ca-cert
secret:
secretName: vault-ca-cert
items:
- key: ca.crt
path: ca.crt
containers:
- name: argocd-repo-server
env:
- name: SSL_CERT_DIR
value: /etc/ssl/certs:/custom-certs
volumeMounts:
- name: vault-ca-cert
mountPath: /custom-certs
readOnly: true