chore: mount vault CA for helm TLS trust and add ArgoCD self-management (#112)
- Patch argocd-repo-server to mount vault-ca-cert and set SSL_CERT_DIR so helm subprocesses trust the internal CA when pulling charts - Add argocd Application pointing at clusters/au-syd1/bootstrap so ArgoCD manages its own install going forward Reviewed-on: #112
This commit was merged in pull request #112.
This commit is contained in:
@@ -0,0 +1,25 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: argocd-repo-server
|
||||
namespace: argocd
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
volumes:
|
||||
- name: vault-ca-cert
|
||||
secret:
|
||||
secretName: vault-ca-cert
|
||||
items:
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
containers:
|
||||
- name: argocd-repo-server
|
||||
env:
|
||||
- name: SSL_CERT_DIR
|
||||
value: /etc/ssl/certs:/custom-certs
|
||||
volumeMounts:
|
||||
- name: vault-ca-cert
|
||||
mountPath: /custom-certs
|
||||
readOnly: true
|
||||
@@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: argocd
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
targetRevision: HEAD
|
||||
path: clusters/au-syd1/bootstrap
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: argocd
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: false
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- ServerSideApply=true
|
||||
@@ -5,6 +5,7 @@ kind: Kustomization
|
||||
resources:
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml
|
||||
- au-syd1-apps.yaml
|
||||
- argocd-self-app.yaml
|
||||
|
||||
patches:
|
||||
- path: argocd-cm-patch.yaml
|
||||
@@ -15,3 +16,7 @@ patches:
|
||||
target:
|
||||
kind: ConfigMap
|
||||
name: argocd-tls-certs-cm
|
||||
- path: argocd-repo-server-vault-ca-patch.yaml
|
||||
target:
|
||||
kind: Deployment
|
||||
name: argocd-repo-server
|
||||
|
||||
Reference in New Issue
Block a user