diff --git a/app-root/application.yaml b/app-root/application.yaml
new file mode 100644
index 0000000..e493a5d
--- /dev/null
+++ b/app-root/application.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: root
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://git.mvzijl.nl/marco/veda.git
+ targetRevision: main
+ path: appset
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: false
+ selfHeal: false
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ - PruneLast=true
+ - PrunePropagationPolicy=foreground
\ No newline at end of file
diff --git a/app-test-1/app-test-1.yaml b/app-test-1/app-test-1.yaml
deleted file mode 100644
index 6466b32..0000000
--- a/app-test-1/app-test-1.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: app-test-1
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: app-test-1-deploy
- namespace: app-test-1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: app-test-1
- template:
- metadata:
- labels:
- app: app-test-1
- spec:
- containers:
- - name: app-test-1
- image: nginx
- ports:
- - name: web
- containerPort: 80
----
-apiVersion: v1
-kind: Service
-metadata:
- name: app-test-1-svc
- namespace: app-test-1
- labels:
- app: app-test-1
-spec:
- type: LoadBalancer
- ports:
- - name: http
- port: 80
- targetPort: 80
- protocol: TCP
- selector:
- app: app-test-1
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: app-test-1-ingress
- namespace: app-test-1
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: web
-spec:
- rules:
- - host: test.noxxos.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: app-test-1-svc
- port:
- name: http
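Review bot: `project: default` in app-root/application.yaml places the root Application in Argo CD's built-in default project, which accepts any source repository, any destination and any resource kind unless it has been locked down elsewhere. Because this Application syncs `path: appset` into the `argocd` namespace, whatever lands in that path is applied next to Argo CD's own configuration. I would define a dedicated AppProject whose `sourceRepos` lists only this repository and whose `destinations` is limited to the `argocd` namespace, and reference it here, e.g. `project: <root-project>` (placeholder name). The `resources-finalizer.argocd.argoproj.io` finalizer also makes deletion of `root` cascade to everything it manages, presumably including the ApplicationSet added in this commit, which deserves a comment in the manifest.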
diff --git a/apps/authentik/Chart.yaml b/apps/authentik/Chart.yaml
new file mode 100644
index 0000000..9e67796
--- /dev/null
+++ b/apps/authentik/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: authentik
+version: 0.0.0
+dependencies:
+ - name: authentik
+ version: 2025.10.0
+ repository: https://charts.goauthentik.io
\ No newline at end of file
diff --git a/apps/authentik/values.yaml b/apps/authentik/values.yaml
new file mode 100644
index 0000000..6a390ef
--- /dev/null
+++ b/apps/authentik/values.yaml
@@ -0,0 +1,53 @@
+authentik:
+ global:
+ priorityClassName: homelab-critical
+ authentik:
+ secret_key: bGd7nChCpPQmypR64rgF
+ postgresql:
+ host: file:///postgres-creds/host
+ name: file:///postgres-creds/dbname
+ user: file:///postgres-creds/username
+ password: file:///postgres-creds/password
+ server:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ ingress:
+ enabled: true
+ hosts:
+ - authentik.noxxos.nl
+ - auth.noxxos.nl
+ - sso.noxxos.nl
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ volumes:
+ - name: postgres-creds
+ secret:
+ secretName: pg-authentik-cluster-app
+ volumeMounts:
+ - name: postgres-creds
+ mountPath: /postgres-creds
+ readOnly: true
+ worker:
+ volumes:
+ - name: postgres-creds
+ secret:
+ secretName: pg-authentik-cluster-app
+ volumeMounts:
+ - name: postgres-creds
+ mountPath: /postgres-creds
+ readOnly: true
+ postgresql:
+ enabled: false
+ redis:
+ enabled: true
+ image:
+ repository: redis
+ tag: 8.2
+ master:
+ persistence:
+ enabled: false
+ prometheus:
+ rules:
+ enabled: true
\ No newline at end of file
diff --git a/appset/applicationset.yaml b/appset/applicationset.yaml
new file mode 100644
index 0000000..a1b8e5d
--- /dev/null
+++ b/appset/applicationset.yaml
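Review bot: `secret_key` under `authentik.authentik` in apps/authentik/values.yaml is committed as a literal, while the PostgreSQL settings directly below it are already read from the mounted `postgres-creds` secret through `file://` references. authentik uses this key for cookie signing, so it is available to anyone with read access to the repository or its history. I would load it the same way, e.g. `secret_key: file:///<secret-mount>/secret_key` (placeholder path, backed by a Kubernetes Secret mounted into both `server` and `worker`). The committed value should be treated as exposed and rotated, not just removed from the file. Separately, `tag: 8.2` is an unquoted scalar that YAML reads as a float; `tag: "8.2"` keeps it a string.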
@@ -0,0 +1,108 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: apps
+ namespace: argocd
+spec:
+ goTemplate: true
+ goTemplateOptions: ["missingkey=error"]
+ generators:
+ - merge:
+ # Join base (directories) with overrides (files) by folder name:
+ mergeKeys:
+ - '{{ .path.basename }}' # requires recent Argo CD (see note)
+ generators:
+ # Base: every folder under apps/*
+ - git:
+ repoURL: https://git.mvzijl.nl/marco/veda.git
+ revision: HEAD
+ branch: applicationset-rewrite
+ directories:
+ - path: apps/*
+ # Overrides: optional appset.(yaml|yml|json) in each app
+ - git:
+ repoURL: https://git.mvzijl.nl/marco/veda.git
+ revision: HEAD
+ branch: applicationset-rewrite
+ files:
+ - path: apps/*/appset.yaml
+ - path: apps/*/appset.yml
+ - path: apps/*/appset.json
+ # ---- Application template ----
+ template:
+ metadata:
+ name: '{{ default .path.basename .name }}'
+ labels:
+ app.kubernetes.io/part-of: root
+ # allow grouping for RollingSync (see section B)
+ tier: '{{ default "apps" (index .labels "tier") }}'
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ spec:
+ project: '{{ default "default" .project }}'
+ source:
+ repoURL: https://git.mvzijl.nl/marco/veda.git
+ branch: applicationset-rewrite
+ targetRevision: '{{ default "main" .targetRevision }}'
+ path: '{{ .path.path }}'
+ # Tool-specific overrides (only render when present)
+ {{- if .helm }}
+ helm:
+ {{- if .helm.releaseName }}releaseName: {{ .helm.releaseName }}{{- end }}
+ {{- if .helm.valueFiles }}
+ valueFiles:
+ {{- range .helm.valueFiles }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if hasKey .helm "ignoreMissingValueFiles" }}
+ ignoreMissingValueFiles: {{ .helm.ignoreMissingValueFiles }}
+ {{- end }}
+ {{- end }}
+ {{- if .kustomize }}
+ kustomize:
+ {{- if .kustomize.namePrefix }}namePrefix: {{ .kustomize.namePrefix }}{{- end }}
+ {{- if .kustomize.commonLabels }}
+ commonLabels:
+ {{- range $k,$v := .kustomize.commonLabels }}
+ {{ $k }}: {{ $v }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .directory }}
+ directory:
+ {{- if hasKey .directory "recurse" }}recurse: {{ .directory.recurse }}{{- end }}
+ {{- end }}
+ destination:
+ server: '{{ default "https://kubernetes.default.svc" .server }}'
+ namespace: '{{ default .path.basename .namespace }}'
+ syncPolicy:
+ automated:
+ prune: false
+ selfHeal: false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ {{- range .syncOptions }}
+ - {{ . }}
+ {{- end }}
+ # ---- Progressive / RollingSync (section B) ----
+ strategy:
+ type: RollingSync
+ rollingSync:
+ steps:
+ - matchExpressions:
+ - key: tier
+ operator: In
+ values: ["system"] # e.g. CRDs/operators first
+ - matchExpressions:
+ - key: tier
+ operator: In
+ values: ["platform"] # infra (DBs, ingress, etc.)
+ maxUpdate: 50%
+ - matchExpressions:
+ - key: tier
+ operator: In
+ values: ["apps"] # leaf apps
+ maxUpdate: 25%
+ deletionOrder: Reverse
\ No newline at end of file
diff --git a/argocd-ingress.yaml b/argocd-ingress.yaml
index eeff9f2..cbfad89 100644
--- a/argocd-ingress.yaml
+++ b/argocd-ingress.yaml
@@ -4,7 +4,7 @@ metadata:
 name: argocd-ingress
 namespace: argocd
 annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: web
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
 rules:
 - host: argocd.noxxos.nl
@@ -16,4 +16,4 @@ spec:
 service:
 name: argocd-server
 port:
- name: http
\ No newline at end of file
+ name: http
diff --git a/harbor/Chart.yaml b/harbor/Chart.yaml
new file mode 100644
index 0000000..e69de29
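Review bot: The template in appset/applicationset.yaml reads `project`, `destination.server` and `destination.namespace` from the optional `apps/*/appset.(yaml|yml|json)` files, so whoever can commit one of those files chooses the AppProject and the target cluster and namespace of the generated Application, with the built-in `default` project as the fallback. Argo CD's ApplicationSet guidance is that a templated `project` is only safe when the generator's source is admin-controlled; I would pin it, e.g. `project: <apps-project>` (placeholder name), and restrict destinations in that AppProject rather than in per-app files. Two correctness points in the same hunk: as far as I know `branch: applicationset-rewrite` is not a field of the git generator or of `spec.source` (the ref belongs in `revision` / `targetRevision`), and the bare `{{- if .helm }}` … `{{- end }}` blocks sit unquoted inside `template`, which I would expect to fail YAML parsing; `templatePatch` is the supported place for conditional fields. Values interpolated there (`{{ $k }}: {{ $v }}`, `- {{ . }}`) should also be passed through `quote` so that repo-supplied strings cannot alter the document structure.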
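Review bot: The first hunk of argocd-ingress.yaml changes only the entrypoint annotation to `websecure`; it shows no `spec.tls` block and no `traefik.ingress.kubernetes.io/router.tls: "true"` annotation, so unless TLS is enabled by default on that entrypoint in Traefik's static configuration, the router may not terminate TLS for `argocd.noxxos.nl`. The rest of the manifest lies outside the hunk, so this may already be covered; if not, I would add `traefik.ingress.kubernetes.io/router.tls: "true"` or a `tls:` section naming the host and certificate secret. The backend still targets the `http` port of `argocd-server`, so traffic between Traefik and Argo CD stays plaintext inside the cluster; a comment in the manifest should say whether that is intentional. The same check applies to the `websecure` annotation added in apps/authentik/values.yaml.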
diff --git a/harbor/values.yaml b/harbor/values.yaml
new file mode 100644
index 0000000..3ff33bc
--- /dev/null
+++ b/harbor/values.yaml
@@ -0,0 +1,8 @@
+registry:
+ enabled: true
+ # put Harbor values under this alias, e.g.:
+ expose:
+ type: ingress
+ ingress:
+ hosts:
+ core: harbor.noxxos.nl
\ No newline at end of file
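Review bot: The values in harbor/values.yaml configure the ingress host but set no admin credential. If the `registry` alias is meant to point at the upstream Harbor chart, that chart ships a well-known default `harborAdminPassword` unless `existingSecretAdminPassword` or an explicit value sourced from a secret is supplied. I would add `existingSecretAdminPassword: <harbor-admin-secret>` (placeholder name) under `registry:` before this is exposed on `harbor.noxxos.nl`, together with `externalURL: https://harbor.noxxos.nl`. Note also that harbor/Chart.yaml is added as an empty blob in this commit (index `e69de29`, no hunk), so the alias named in the comment is not declared anywhere yet and the chart presumably will not render as is.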