alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

tmp/refactor (#4988)
All checks were successful
lint-test-helm / lint-helm (push) Successful in 15s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m29s
Details

Browse Source 
Reviewed-on: #4988
This commit was merged in pull request #4988.
This commit is contained in:
Alex Lebens
2026-03-23 01:04:56 +00:00
parent 11b2efd332
commit 3599b7a8a6
3 changed files with 128 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -4,10 +4,8 @@ version: 1.0.0
description: Argo CD description: Argo CD
keywords: keywords:
- argo-cd - argo-cd
- delivery
- deployment - deployment
- gitops home: https://docs.alexlebens.dev/applications/argo-cd/
home: https://wiki.alexlebens.dev/s/8a75cf26-b9df-437e-9cc5-2ef47e871a5f
sources: sources:
- https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-cd
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd

18
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -14,17 +14,11 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd key: /authentik/oidc/argocd
metadataPolicy: None
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd key: /authentik/oidc/argocd
metadataPolicy: None
property: client property: client
--- ---
@@ -44,10 +38,7 @@ spec:
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -67,22 +58,13 @@ spec:
data: data:
- secretKey: type - secretKey: type
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: type property: type
- secretKey: url - secretKey: url
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: url property: url
- secretKey: sshPrivateKey - secretKey: sshPrivateKey
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: sshPrivateKey property: sshPrivateKey

139
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -1,12 +1,11 @@
argo-cd: argo-cd:
crds: crds:
install: true install: true
keep: true
configs: configs:
cm: cm:
admin.enabled: true admin.enabled: true
accounts.homepage: apiKey accounts.homepage: apiKey
timeout.reconciliation: 100s
timeout.reconciliation.jitter: 60s
url: https://argocd.alexlebens.net url: https://argocd.alexlebens.net
statusbadge.url: https://argocd.alexlebens.net/ statusbadge.url: https://argocd.alexlebens.net/
statusbadge.enabled: true statusbadge.enabled: true
@@ -33,12 +32,53 @@ argo-cd:
g, homepage, role:readonly g, homepage, role:readonly
controller: controller:
replicas: 1 replicas: 1
resources:
requests:
cpu: 15m
memory: 1Gi
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex: dex:
enabled: true enabled: true
resources:
requests:
cpu: 10m
memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -49,13 +89,57 @@ argo-cd:
enabled: true enabled: true
redis-ha: redis-ha:
enabled: true enabled: true
image:
repository: redis
tag: 8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
persistentVolume:
enabled: true
redis:
resources:
requests:
cpu: 1000m
memory: 64Mi
haproxy:
enabled: true
image:
repository: haproxy
tag: 3.0.19-alpine@sha256:ec781a129b8c4837c76fcb26f7b585708966873b536b9d7aa7cbcc342ae8a76f
resources:
requests:
cpu: 10m
memory: 128Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
exporter:
enabled: true
image: ghcr.io/oliver006/redis_exporter
tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
serviceMonitor:
enabled: true
prometheusRule:
enabled: true
interval: 30s
rules:
- alert: RedisPodDown
expr: |
redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
for: 5m
labels:
severity: critical
annotations:
description: Redis pod {{ "{{ $labels.pod }}" }} is down
summary: Redis pod {{ "{{ $labels.pod }}" }} is down
auth: false auth: false
redisSecretInit: redisSecretInit:
enabled: false enabled: false
server: server:
replicas: 2 replicas: 2
extensions: resources:
enabled: false requests:
cpu: 10m
memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -69,30 +153,55 @@ argo-cd:
namespace: traefik namespace: traefik
hostnames: hostnames:
- argocd.alexlebens.net - argocd.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
repoServer: repoServer:
replicas: 2 replicas: 2
resources:
requests:
cpu: 10m
memory: 64Mi
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
applicationSet: applicationSet:
replicas: 2 replicas: 2
resources:
requests:
cpu: 10m
memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
livenessProbe:
enabled: true
readinessProbe: readinessProbe:
enabled: true enabled: true
notifications: failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true enabled: true
context: failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
notifications:
argocdUrl: https://argocd.alexlebens.net argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
@@ -107,6 +216,10 @@ argo-cd:
headers: headers:
- name: Authorization - name: Authorization
value: Bearer $ntfy-token value: Bearer $ntfy-token
resources:
requests:
cpu: 10m
memory: 64Mi
livenessProbe: livenessProbe:
enabled: true enabled: true
readinessProbe: readinessProbe: