Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f03eb6f651 | |||
| 296c569cc8 | |||
| c1d831176d | |||
| 1cefd3b78e | |||
| 842d774fc3 | |||
| 4c8827ce35 | |||
| 5e03215f4d |
@@ -0,0 +1,8 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: argocd-image-updater
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: default
|
||||
namespace: argocd-image-updater
|
||||
spec:
|
||||
allowedNamespaces:
|
||||
- argocd-image-updater
|
||||
kubernetes:
|
||||
audiences:
|
||||
- vault
|
||||
role: argocd-image-updater
|
||||
serviceAccount: argocd-image-updater
|
||||
tokenExpirationSeconds: 600
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
@@ -0,0 +1,40 @@
|
||||
---
|
||||
# Credentials for polling the git.unkin.net container registry.
|
||||
# Vault KV path: kv/service/argocd-image-updater/registry-creds
|
||||
# Required key: creds — value format: "<username>:<token>"
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: registry-creds
|
||||
namespace: argocd-image-updater
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: registry-creds
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: service/argocd-image-updater/registry-creds
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
---
|
||||
# ArgoCD API token for image updater to discover and update Applications.
|
||||
# Vault KV path: kv/service/argocd-image-updater/argocd-token
|
||||
# Required key: token — generate via: argocd account generate-token --account image-updater
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: argocd-token
|
||||
namespace: argocd-image-updater
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: argocd-token
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: service/argocd-image-updater/argocd-token
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
@@ -30,6 +30,7 @@ remotes:
|
||||
- "^hashicorp/vault-secrets-operator"
|
||||
- "^jfrog/"
|
||||
- "^rancher/"
|
||||
- "^traefik/"
|
||||
- "^ubi9/ubi-minimal"
|
||||
- "^victoriametrics/"
|
||||
- "^woodpeckerci/"
|
||||
|
||||
@@ -26,6 +26,7 @@ remotes:
|
||||
- "helmfile/helmfile/.*/helmfile_.*_linux_amd64.tar.gz$"
|
||||
- "helmfile/vals/.*/vals_.*_linux_amd64.tar.gz$"
|
||||
- "jesseduffield/lazydocker/.*/lazydocker_.*_Linux_x86_64.tar.gz$"
|
||||
- "kubernetes-sigs/gateway-api/.*/standard-install.yaml$"
|
||||
- "lxc/incus/.*.tar.gz$"
|
||||
- "mikefarah/yq/.*/yq_linux_amd64$"
|
||||
- "neovim/neovim-releases/.*/nvim-linux-x86_64.tar.gz$"
|
||||
|
||||
@@ -109,6 +109,17 @@ remotes:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
traefik:
|
||||
base_url: "https://traefik.github.io/charts"
|
||||
package: "helm"
|
||||
description: "Traefik Helm charts"
|
||||
check_mutable_updates: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
cache:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
victoriametrics:
|
||||
base_url: "https://victoriametrics.github.io/helm-charts/"
|
||||
package: "helm"
|
||||
@@ -119,3 +130,14 @@ remotes:
|
||||
cache:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
argo-helm:
|
||||
base_url: "https://argoproj.github.io/argo-helm"
|
||||
package: "helm"
|
||||
description: "Argo Project Helm charts (ArgoCD, Image Updater, Rollouts, etc.)"
|
||||
check_mutable_updates: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
cache:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
@@ -13,4 +13,6 @@ virtuals:
|
||||
- purelb
|
||||
- rancher-stable
|
||||
- stakater
|
||||
- traefik
|
||||
- victoriametrics
|
||||
- argo-helm
|
||||
|
||||
@@ -7,12 +7,12 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: intel-device-plugins-operator
|
||||
repo: https://intel.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.35.0"
|
||||
releaseName: intel-device-plugins-operator
|
||||
namespace: inteldeviceplugins-system
|
||||
- name: intel-device-plugins-gpu
|
||||
repo: https://intel.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.34.1"
|
||||
releaseName: intel-gpu-plugin
|
||||
namespace: inteldeviceplugins-system
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../base/argocd-image-updater
|
||||
|
||||
helmCharts:
|
||||
- name: argocd-image-updater
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.10.3"
|
||||
releaseName: argocd-image-updater
|
||||
namespace: argocd-image-updater
|
||||
valuesFile: values.yaml
|
||||
@@ -0,0 +1,33 @@
|
||||
config:
|
||||
argocd:
|
||||
grpcWeb: false
|
||||
serverAddress: argocd-server.argocd
|
||||
insecure: true
|
||||
plaintext: false
|
||||
|
||||
registries:
|
||||
- name: git.unkin.net
|
||||
api_url: https://git.unkin.net
|
||||
prefix: git.unkin.net
|
||||
credentials: secret:argocd-image-updater/registry-creds#creds
|
||||
insecure: false
|
||||
|
||||
authScripts:
|
||||
enabled: false
|
||||
|
||||
extraEnv:
|
||||
- name: ARGOCD_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: argocd-token
|
||||
key: token
|
||||
|
||||
gitCommitUser: "ArgoCD Image Updater"
|
||||
gitCommitEmail: "argocd-image-updater@unkin.net"
|
||||
|
||||
rbac:
|
||||
enabled: true
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: argocd-image-updater
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: rancher
|
||||
repo: https://releases.rancher.com/server-charts/stable
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "2.13.1"
|
||||
releaseName: rancher
|
||||
namespace: cattle-system
|
||||
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: cert-manager
|
||||
repo: https://charts.jetstack.io
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "v1.19.2"
|
||||
releaseName: cert-manager
|
||||
namespace: cert-manager
|
||||
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: cloudnative-pg
|
||||
repo: https://cloudnative-pg.github.io/charts
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.27.0"
|
||||
releaseName: cloudnative-pg-operator
|
||||
namespace: cnpg-system
|
||||
|
||||
@@ -9,7 +9,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: eck-operator
|
||||
repo: https://helm.elastic.co
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "3.2.0"
|
||||
releaseName: elastic-operator
|
||||
namespace: elastic-system
|
||||
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: external-dns
|
||||
repo: https://kubernetes-sigs.github.io/external-dns/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "1.19.0"
|
||||
releaseName: externaldns
|
||||
namespace: externaldns
|
||||
|
||||
@@ -9,13 +9,13 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: victoria-metrics-cluster
|
||||
repo: https://victoriametrics.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.33.0"
|
||||
releaseName: victoria-metrics-cluster
|
||||
namespace: observability
|
||||
valuesFile: values-vmcluster.yaml
|
||||
- name: victoria-metrics-agent
|
||||
repo: https://victoriametrics.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.30.0"
|
||||
releaseName: victoria-metrics-agent
|
||||
namespace: observability
|
||||
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: reflector
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
repo: oci://ghcr.io/emberstack/helm-charts
|
||||
version: "10.0.1"
|
||||
releaseName: reflector
|
||||
namespace: reflector-system
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: ApplicationSet
|
||||
metadata:
|
||||
name: image-updater-apps
|
||||
namespace: argocd
|
||||
spec:
|
||||
generators:
|
||||
- git:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
revision: HEAD
|
||||
directories:
|
||||
- path: apps/overlays/*/artifactapi
|
||||
template:
|
||||
metadata:
|
||||
name: 'platform-{{path[3]}}'
|
||||
annotations:
|
||||
argocd-image-updater.argoproj.io/image-list: "artifactapi=git.unkin.net/unkin/artifactapi"
|
||||
argocd-image-updater.argoproj.io/artifactapi.update-strategy: semver
|
||||
argocd-image-updater.argoproj.io/write-back-method: git
|
||||
argocd-image-updater.argoproj.io/git-branch: main
|
||||
spec:
|
||||
project: platform
|
||||
source:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
targetRevision: HEAD
|
||||
path: '{{path}}'
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: '{{path[3]}}'
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- ServerSideApply=true
|
||||
@@ -4,6 +4,7 @@ kind: Kustomization
|
||||
|
||||
resources:
|
||||
- aitooling.yaml
|
||||
- imageupdater.yaml
|
||||
- observability.yaml
|
||||
- platform.yaml
|
||||
- storage.yaml
|
||||
|
||||
@@ -10,7 +10,7 @@ spec:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
revision: HEAD
|
||||
directories:
|
||||
- path: apps/overlays/*/artifactapi
|
||||
- path: apps/overlays/*/argocd-image-updater
|
||||
- path: apps/overlays/*/cattle-system
|
||||
- path: apps/overlays/*/cert-manager
|
||||
- path: apps/overlays/*/certificates
|
||||
|
||||
@@ -8,7 +8,6 @@ spec:
|
||||
description: Observability stack (metrics, monitoring)
|
||||
sourceRepos:
|
||||
- https://git.unkin.net/unkin/argocd-apps
|
||||
- https://victoriametrics.github.io/helm-charts/
|
||||
destinations:
|
||||
- namespace: 'observability'
|
||||
server: https://kubernetes.default.svc
|
||||
|
||||
@@ -9,14 +9,7 @@ spec:
|
||||
sourceRepos:
|
||||
- https://git.unkin.net/unkin/argocd-apps
|
||||
- https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
- https://charts.jetstack.io
|
||||
- https://cloudnative-pg.github.io/charts
|
||||
- https://helm.elastic.co
|
||||
- https://purelb.github.io/purelb/charts
|
||||
- https://intel.github.io/helm-charts/
|
||||
- https://kubernetes-sigs.github.io/external-dns/
|
||||
- https://releases.rancher.com/server-charts/stable
|
||||
- https://victoriametrics.github.io/helm-charts/
|
||||
- oci://gcr.io/k8s-staging-nfd/charts
|
||||
- oci://ghcr.io/woodpecker-ci/helm/woodpecker
|
||||
destinations:
|
||||
|
||||
@@ -3,7 +3,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml
|
||||
- https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml
|
||||
- https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github/kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml
|
||||
- au-syd1-apps.yaml
|
||||
- argocd-self-app.yaml
|
||||
|
||||
|
||||
Reference in New Issue
Block a user