WIP Setup ArgoCD

ansible-5/roles/prod.k3s/files/argocd/ingress-cli.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server-cli
+  namespace: argocd
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+    - host: argocd.xai-corp.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: argocd-server
+                port:
+                  number: 80
+                scheme: h2c
+
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+    - secretName: xai-corp-production-tls

ansible-5/roles/prod.k3s/files/argocd/ingress.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server-ui
+  namespace: argocd
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+    - host: argocd.xai-corp.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: argo-cd-server
+                port:
+                  number: 80
+
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+    - secretName: xai-corp-production-tls
+

ansible-5/roles/prod.k3s/files/argocd/ingressRoute.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-server
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`argocd.xai-corp.net`)
+      priority: 10
+      services:
+        - name: argocd-server
+          port: 80
+    - kind: Rule
+      match: Host(`argocd.xai-corp.net`) && Header(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: argocd-server
+          port: 80
+          scheme: h2c
+  tls:
+    certResolver: default

ansible-5/roles/prod.k3s/files/argocd/values.yaml

@@ -0,0 +1,18 @@
+---
+# https://github.com/bitnami/charts/blob/main/bitnami/argo-cd/values.yaml
+# xai-corp-production-tls
+
+#server:
+#  ingress:
+#    enabled: false
+#    hostname: argocd.xai-corp.net
+#    tls: true
+#    annotations:
+#    extraTLS:
+#      hostname:
+#
+#  grpcIngress:
+#    enabled: false
+#    hostname: argocd.xai-corp.net
+#    tls: true
+