WIP Setup ArgoCD

2025-08-16 16:50:53 -04:00
parent 907cfef01b
commit e85f84b412
8 changed files with 160 additions and 94 deletions


@@ -88,3 +88,4 @@ abcapi IN CNAME dkhost
;metrics IN CNAME dkhost ;metrics IN CNAME dkhost
funkwhale IN CNAME dkhost funkwhale IN CNAME dkhost
backstage IN CNAME dkhost backstage IN CNAME dkhost
argocd IN CNAME dkhost


@@ -92,6 +92,11 @@ apps:
namespace: default namespace: default
state: absent state: absent
argocd:
enabled: true
namespace: argocd
state: present
funkwhale: funkwhale:
enabled: false enabled: false
namespace: funkwhale namespace: funkwhale


@@ -0,0 +1,26 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-cli
namespace: argocd
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: argocd.xai-corp.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80
scheme: h2c
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- secretName: xai-corp-production-tls
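Review bot: `scheme: h2c` next to the backend port is not a field of a `networking.k8s.io/v1` Ingress backend, so strict validation rejects the manifest and otherwise the key is dropped, leaving the gRPC path without h2c. With Traefik's Ingress provider the backend scheme is set on the Service instead, through the annotation `traefik.ingress.kubernetes.io/service.serversscheme: h2c`. This Ingress also claims the same host and `/` prefix as `argocd-server-ui` while pointing at a differently named Service (`argocd-server` here, `argo-cd-server` there). With the Helm release named `argo-cd`, one of the two names is probably wrong, and the overlapping rules leave it to Traefik which router receives a request. Indentation is lost on this page, so the exact nesting of `scheme` is inferred.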


@@ -0,0 +1,26 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-ui
namespace: argocd
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: argocd.xai-corp.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argo-cd-server
port:
number: 80
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- secretName: xai-corp-production-tls
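Review bot: The `tls` entry names only `secretName: xai-corp-production-tls` and no `hosts`, although the inline comment says the hosts listed there decide the certificate's subjectAltNames; the same applies to `argocd-server-cli`. An Ingress resolves its TLS secret in its own namespace, and nothing visible in this commit creates that secret in the new `argocd` namespace, so Traefik may end up serving its default certificate for `argocd.xai-corp.net`. I would add `hosts:` with `- argocd.xai-corp.net` under the `tls` item and provision the secret in `argocd` before this manifest is applied. Since this router exposes the Argo CD login and API at `/`, consider also attaching an allow-list or rate-limit middleware through the `traefik.ingress.kubernetes.io/router.middlewares` annotation.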


@@ -0,0 +1,24 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: argocd-server
namespace: argocd
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`argocd.xai-corp.net`)
priority: 10
services:
- name: argocd-server
port: 80
- kind: Rule
match: Host(`argocd.xai-corp.net`) && Header(`Content-Type`, `application/grpc`)
priority: 11
services:
- name: argocd-server
port: 80
scheme: h2c
tls:
certResolver: default
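Review bot: Both routes forward to `argocd-server` on port 80 (plain HTTP, and `scheme: h2c` for gRPC), which only works when argocd-server runs with TLS disabled (`--insecure`); the values file added in this commit is entirely commented out, so nothing visible here turns that on. With that mode enabled, logins and session tokens travel unencrypted between Traefik and Argo CD inside the cluster, so either record that as an accepted decision or target the TLS port with a `serversTransport` that verifies the backend certificate. The Service name also differs from the `argo-cd-server` used by `argocd-server-ui`, and `certResolver: default` differs from the `xai-corp-production-tls` secret the two Ingress objects use, so it is worth settling on one name and one certificate source. A leading `---` and a short comment saying why the gRPC rule carries the higher priority would match the other manifests.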


@@ -0,0 +1,18 @@
---
# https://github.com/bitnami/charts/blob/main/bitnami/argo-cd/values.yaml
# xai-corp-production-tls
#server:
# ingress:
# enabled: false
# hostname: argocd.xai-corp.net
# tls: true
# annotations:
# extraTLS:
# hostname:
#
# grpcIngress:
# enabled: false
# hostname: argocd.xai-corp.net
# tls: true


@@ -1,2 +1,58 @@
--- ---
#tasks to deploy argoCD to cluster #tasks to deploy argoCD to cluster
# https://github.com/bitnami/charts/blob/main/bitnami/argo-cd/values.yaml
- name: Create a namespace for argoCD
k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
name: "{{apps.argocd.namespace}}"
api_version: v1
kind: Namespace
state: "{{apps.argocd.state}}"
become: true
#- name: create persistent volume resources
# kubernetes.core.k8s:
# kubeconfig: "/etc/rancher/k3s/k3s.yaml"
# state: "{{apps.gitea.state}}"
# definition: "{{ lookup('template', item) | from_yaml }}"
# loop:
# - gitea/pv.yaml
# - gitea/pv-claim.yaml
# become: true
- name: Install argocd
block:
- name: Add argocd chart helm repo
local_action:
module: kubernetes.core.helm_repository
name: bitnami
repo_url: https://charts.bitnami.com/bitnami
- name: load variables files/argocd/values.yaml
ansible.builtin.include_vars:
file: files/argocd/values.yaml
name: release_values
- name: Install argocd Release
local_action:
module: kubernetes.core.helm
release_state: "{{apps.argocd.state}}"
name: argo-cd
namespace: "{{apps.argocd.namespace}}"
create_namespace: yes
update_repo_cache: True
chart_ref: bitnami/argo-cd
values: "{{release_values}}"
wait: true
- name: create extra resources for argoCD
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: "{{apps.argocd.state}}"
definition: "{{ lookup('file', item) | from_yaml }}"
loop:
- argocd/ingress.yaml
become: true
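Review bot: The `Install argocd Release` task installs `bitnami/argo-cd` with `update_repo_cache: True` and no `chart_version`, so each run deploys whatever chart the repository currently serves. For a component that typically holds broad cluster permissions I would pin it with `chart_version: "CHART_VERSION_PLACEHOLDER"` (placeholder value) and upgrade deliberately. The final task loops over `argocd/ingress.yaml` only, while the commit adds two Ingress manifests and an IngressRoute; file names are not visible on this page, so confirm the applied file is the intended one. Smaller points: `create_namespace: yes` and `update_repo_cache: True` should be `true` like `wait: true`, and the first task uses the short `k8s:` name where the last uses `kubernetes.core.k8s`.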


@@ -54,97 +54,7 @@
- name: deploy backstage - name: deploy backstage
include_tasks: deployments/backstage.yaml include_tasks: deployments/backstage.yaml
when: apps.backstage.enabled when: apps.backstage.enabled
#-----------------------------------------------------
#- include_tasks: mariadb.yaml - name: deploy argoCD
# include_tasks: deployments/argoCD.yaml
# https://artifacthub.io/packages/helm/twuni/docker-registry when: apps.argocd.enabled
#- name: Deploy latest version of docker-registry in dev-tools namespace
# local_action:
# module: kubernetes.core.helm
# name: dkregistry
# chart_ref: twuni/docker-registry
# release_namespace: dev-tools
# create_namespace: True
# values:
# replicaCount: 1
# ingress:
# enabled: true
# hosts:
# - dkregistry.xai-corp.net
# className: traefik
# secrets.htpassword: me1
# extraVolumeMounts:
# - name: registry-data
# mountPath: /var/lib/registry-data
# - name: registry-auth
# mountPath: /auth
# - name: registry-auth
# mountPath: /etc/docker/registry/
# - name: letsencrypt-data
# mountPath: /certs
# - name: letsencrypt-config
# mountPath: /etc/letsencrypt
# extraVolumes:
# - name: registry-data
# hostPath:
# path: /opt/shared/dkregistry/data
# - name: registry-auth
# hostPath:
# path: /opt/shared/dkregistry/auth
# - name: registry-config
# hostPath:
# path: /opt/shared/dkregistry/config/
# - name: letsencrypt-data
# hostPath:
# path: /opt/shared/letsencrypt-2
# - name: letsencrypt-config
# hostPath:
# path: /opt/shared/letsencrypt-2
# extraEnvVars:
# - name: REGISTRY_HTTP_SECRET
# value: aabuioqlwlcpp2
# - name: REGISTRY_HTTP_TLS_CERTIFICATE
# value: /certs/live/xai-corp.net/fullchain.pem
# - name: REGISTRY_HTTP_TLS_KEY
# value: /certs/live/xai-corp.net/privkey.pem
#
#
# k3s config file
#- name: Copy k3s config file to /etc/rancher/k3s/config.yaml
# ansible.builtin.copy:
# src: config.yaml
# dest: /etc/rancher/k3s/config.yaml
# become: true
#
# provision gitea
#
# provision argoCD
#
# provision graphana
#- name: Copy manifest for graphana
# ansible.builtin.copy:
# src: manifests/graphana.helm.yaml
# dest: /var/lib/rancher/k3s/server/manifests/graphana.helm.yaml
# become: true
#
#- name: Copy manifest for docker registry
# ansible.builtin.copy:
# src: manifests/registry.helm.yaml
# dest: /var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml
# become: true
#
#- name: Copy manifest for mariadb
# ansible.builtin.copy:
# src: manifests/mariadb.helm.yaml
# dest: /var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml
# become: true
#
#- name: remove manifests
# ansible.builtin.file:
# state: absent
# path: "{{ item }}"
# loop:
# - /var/lib/rancher/k3s/server/manifests/graphana.helm.yaml
# - /var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml
# - /var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml
# become: true
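Review bot: The removed comment block carried what look like real credentials (the values under `secrets.htpassword` and `REGISTRY_HTTP_SECRET`), and deleting the lines does not remove them from the repository history. If either value was ever in use, rotate it and keep future values in Ansible Vault or a Kubernetes Secret rather than in task files. On the new side, `deploy argoCD` includes `deployments/argoCD.yaml`; include paths are case-sensitive on Linux, so check the spelling against the task file added in this commit, whose name is not visible on this page.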