chore: mount vault CA for helm TLS trust and add ArgoCD self-management (#112)
- Patch argocd-repo-server to mount vault-ca-cert and set SSL_CERT_DIR so helm subprocesses trust the internal CA when pulling charts
- Add argocd Application pointing at clusters/au-syd1/bootstrap so ArgoCD manages its own install going forward

Reviewed-on: #112
@@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: argocd-repo-server
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
volumes:
|
||||||
|
- name: vault-ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: vault-ca-cert
|
||||||
|
items:
|
||||||
|
- key: ca.crt
|
||||||
|
path: ca.crt
|
||||||
|
containers:
|
||||||
|
- name: argocd-repo-server
|
||||||
|
env:
|
||||||
|
- name: SSL_CERT_DIR
|
||||||
|
value: /etc/ssl/certs:/custom-certs
|
||||||
|
volumeMounts:
|
||||||
|
- name: vault-ca-cert
|
||||||
|
mountPath: /custom-certs
|
||||||
|
readOnly: true
|
||||||
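Review bot: Setting `SSL_CERT_DIR` on the container makes the Vault CA a trust root for every process in argocd-repo-server that honours that variable, not only the helm subprocesses named in the commit message, so a certificate issued by that CA would be accepted for any hostname the repo-server contacts unless the CA carries name constraints. I'd record that above the env entry, e.g. `# Process-wide trust: the Vault CA is accepted for all outbound TLS from this container, not just the internal chart registry`. The `vault-ca-cert` Secret is not defined in this commit; a secret volume is required by default, so the pod will not start if the Secret is missing, and whoever can write that Secret in the `argocd` namespace controls a trust anchor, which makes it worth a comment naming what creates it. Selecting only `ca.crt` under `items` is a good choice, since no other key in the Secret gets projected into the pod.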
@@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: argocd
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||||
|
targetRevision: HEAD
|
||||||
|
path: clusters/au-syd1/bootstrap
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: argocd
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: false
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- ServerSideApply=true
|
||||||
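Review bot: `project: default` combined with `targetRevision: HEAD` and `automated` sync with `selfHeal: true` means any commit that lands on the default branch of `argocd-apps` under `clusters/au-syd1/bootstrap` is applied to the Argo CD control plane with no further gate. Unless it has been tightened elsewhere, the `default` AppProject places no restriction on source repositories or destinations. A dedicated AppProject would narrow that by limiting `sourceRepos` to this repository and the destination to the `argocd` namespace (plus the cluster-scoped kinds the install manifest needs), referenced here as `project: <dedicated-project-name>` (placeholder). If tracking HEAD is intended, a comment such as `# Tracks the default branch: branch protection on argocd-apps is the only control on what reaches the control plane` would make the dependency explicit. `prune: false` is a sensible guard for a self-managing app.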
@@ -5,6 +5,7 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- https://raw.githubusercontent.com/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml
|
- https://raw.githubusercontent.com/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml
|
||||||
- au-syd1-apps.yaml
|
- au-syd1-apps.yaml
|
||||||
|
- argocd-self-app.yaml
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- path: argocd-cm-patch.yaml
|
- path: argocd-cm-patch.yaml
|
||||||
@@ -15,3 +16,7 @@ patches:
|
|||||||
target:
|
target:
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
name: argocd-tls-certs-cm
|
name: argocd-tls-certs-cm
|
||||||
|
- path: argocd-repo-server-vault-ca-patch.yaml
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
name: argocd-repo-server
|
||||||
|
|||||||
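Review bot: The remote base `https://raw.githubusercontent.com/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml` (a context line in the first hunk) is identified only by a tag, and adding `argocd-self-app.yaml` to `resources` raises the stakes on that. Assuming this kustomization is the one at `clusters/au-syd1/bootstrap`, Argo CD will now render and auto-sync it, and upstream can move a tag. Pinning the URL to the commit the tag points to, `https://raw.githubusercontent.com/argoproj/argo-cd/<commit-sha-of-v3.3.2>/manifests/ha/install.yaml` (placeholder), or vendoring the file into this repository, would make what reaches the control plane reviewable and reproducible. The second hunk's patch entry for `argocd-repo-server` looks consistent with the name and kind in the new patch file.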