Added first ArgoCD app-of-apps structure

Refactor ArgoCD patch to update inline manifests and repository URL
Add endpoints to talosconfig for improved connectivity
2025-05-02 22:33:21 +02:00 · 2025-05-02 22:32:40 +02:00 · 2025-05-02 22:32:11 +02:00 · 2025-05-02 22:32:02 +02:00 · 2025-05-02 22:31:37 +02:00
8 changed files with 142 additions and 8 deletions
--- a/app-test-1/app-test-1.yaml
+++ b/app-test-1/app-test-1.yaml
@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: app-test-1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app-test-1-deploy
+  namespace: app-test-1
+spec:
+  replicas: 1
+  selector:
+    matchLabels: 
+      app: app-test-1
+  template:
+    metadata:
+      labels:
+        app: app-test-1
+    spec:
+      containers:
+      - name: app-test-1
+        image: nginx
+        ports:
+        - name: web
+          containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: app-test-1-svc
+  namespace: app-test-1
+  labels:
+    app: app-test-1
+spec:
+  type: ClusterIP
+  ports:
+  - name:  http
+    port:  80
+    targetPort: 80
+    protocol: TCP
+  selector:
+    app: app-test-1
--- a/applications/Chart.yaml
+++ b/applications/Chart.yaml
@ -0,0 +1,23 @@
+apiVersion: v2
+name: applications
+description: Applications
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
--- a/applications/templates/app-test-1.yaml
+++ b/applications/templates/app-test-1.yaml
@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: app-test-1
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: test-app
+    server: {{ .Values.spec.destination.server }}
+  project: default
+  source:
+    path: app-test-1
+    repoURL: {{ .Values.spec.source.repoURL }}
+    targetRevision: {{ .Values.spec.source.targetRevision }}
--- a/applications/values.yaml
+++ b/applications/values.yaml
@ -0,0 +1,6 @@
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: https://git.mvzijl.nl/marco/veda.git
+    targetRevision: HEAD
--- a/readme.md
+++ b/readme.md
@ -43,3 +43,25 @@ TODO
 ## TODO

 - Remove secrets from config
+
+## Misc
+
+### Applying patches
+
+```bash
+talosctl patch machineconfig -p @argocd.yaml -n 192.168.0.0
+```
+
+### Reset node
+
+```bash
+talosctl reset --system-labels-to-wipe EPHEMERAL,STATE --reboot -n 192.168.0.0
+```
+
+### ArgoCD default login
+
+User: admin, password can be retrieved with (ignore the '%' at the end):
+
+```bash
+kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+```
--- a/talos/patches/argocd.yaml
+++ b/talos/patches/argocd.yaml
@ -1,6 +1,5 @@
- op: add
-  path: /cluster/inlineManifests
-  value:
+cluster:
+  inlineManifests:
    - name: argocd-namespace
      contents: |
        apiVersion: v1
@ -17,9 +16,9 @@
        spec:
          project: default
          source:
-            repoURL: https://github.com/argoproj/argo-cd-example-apps.git
+            repoURL: https://git.mvzijl.nl/marco/veda.git
            targetRevision: HEAD
-            path: guestbook
+            path: applications
          destination:
            server: https://kubernetes.default.svc
            namespace: default
--- a/talos/patches/cilium.sh
+++ b/talos/patches/cilium.sh
@ -1,15 +1,37 @@
+#!/usr/bin/env bash
+
+cat > template.yaml << 'EOF'
+cluster:
+  network:
+    cni:
+      name: none
+  proxy:
+    disabled: true
+  inlineManifests:
+    - name: cilium
+      contents: |
+        __CILIUM_MANIFEST__
+EOF
+
+helm repo add cilium https://helm.cilium.io/
 helm template \
    cilium \
    cilium/cilium \
-    --version 1.15.6 \
+    --version 1.17.3 \
    --namespace kube-system \
    --set ipam.mode=kubernetes \
    --set hubble.relay.enabled=true \
    --set hubble.ui.enabled=true \
+    --set l2announcements.enabled=true \
    --set kubeProxyReplacement=true \
    --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
    --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
    --set cgroup.autoMount.enabled=false \
    --set cgroup.hostRoot=/sys/fs/cgroup \
    --set k8sServiceHost=localhost \
-    --set k8sServicePort=7445 > cilium.yaml
+    --set k8sServicePort=7445 | sed 's/^/        /' > manifest.tmp
+
+sed -e '/__CILIUM_MANIFEST__/r manifest.tmp' -e '/__CILIUM_MANIFEST__/d' template.yaml > cilium.yaml
+
+rm manifest.tmp
+rm template.yaml
--- a/talos/talosconfig
+++ b/talos/talosconfig
@ -1,7 +1,10 @@
 context: veda
 contexts:
    veda:
-        endpoints: []
+        endpoints: 
+            - 192.168.0.10
+            - 192.168.0.11
+            - 192.168.0.12
        ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBc2NKK2QydlFtaFRSZFZGdTBydzdoVEFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXdOVEF4TVRBeE16QTJXaGNOTXpVd05ESTVNVEF4TXpBMldqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUIvZ3lFSHlMRDNJTzZTazdwaUZva0Jwc21obkxwckJMTll3Cno3K1pMbXdlbzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkozUFM4YTR2NEtHd2srbQpOb0V0elpEcTlaYmFNQVVHQXl0bGNBTkJBTFo2SGZPS3A5c3kzbkcxL1Z1bVhuM2hWQjd1bGpZeW95Mkh3Qm5QClpLNFo3Sk1Yb3NEMVJOY05KdGUxQUp2Tm5NaElxbVMvamhXbjZQdCtLN1YxbWcwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJLRENCMjZBREFnRUNBaEFjcmZWemFpb3JiUTM3Ym9IU2ZuSnFNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5UQTFNREV4TURFek1EWmFGdzB5TmpBMU1ERXhNREV6TURaYU1CTXhFVEFQQmdOVgpCQW9UQ0c5ek9tRmtiV2x1TUNvd0JRWURLMlZ3QXlFQUpLZ1RVemtFSE1WTnRYS2k0b1ZwUE9zbVFjR2V0RFNqCjVwZjRNVG1FVmp1alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0QKQWpBZkJnTlZIU01FR0RBV2dCU2R6MHZHdUwrQ2hzSlBwamFCTGMyUTZ2V1cyakFGQmdNclpYQURRUUEyaHhtZwpRM3Z3a0tQNWFsc2dDb3I5eEFXUEtKUVpNcUdOWVJQVEo2cFZhbjYrWHdNVjhUekp3NUE3cXRWQ2tUcERyWm1PCkoxclMrZkdrSm5JaU1mRUUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
        key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJSWsxbEExZ3FEK0RqaXhCQUxPdEJxNFhtZ1FvelE1cEpaUktEeVpITmZxegotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
Author	SHA1	Message	Date
Marco van Zijl	51d9f77411	Added first ArgoCD app-of-apps structure	2025-05-02 22:33:21 +02:00
Marco van Zijl	7c7085d31e	Refactor ArgoCD patch to update inline manifests and repository URL	2025-05-02 22:32:40 +02:00
Marco van Zijl	7552c56d28	Add endpoints to talosconfig for improved connectivity	2025-05-02 22:32:11 +02:00
Marco van Zijl	e657dc1150	Update cilium.sh to include template generation and upgrade Cilium version to 1.17.3	2025-05-02 22:32:02 +02:00
Marco van Zijl	9991eaf046	Update README.md with additional instructions for applying patches, resetting nodes, and ArgoCD default login	2025-05-02 22:31:37 +02:00