init

2024-05-22 12:49:28 -05:00
commit 35b77bb0df
219 changed files with 9997 additions and 0 deletions
--- a/clusters/cl01tl/deployment/kargo/Chart.yaml
+++ b/clusters/cl01tl/deployment/kargo/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: kargo
+version: 1.0.0
+sources:
+  - https://github.com/akuity/kargo
+  - https://github.com/akuity/kargo/blob/main/charts/kargo/Chart.yaml
+dependencies:
+  - name: kargo
+    version: 0.6.0
+    repository: oci://ghcr.io/akuity/kargo-charts
+appVersion: v0.5.1
--- a/clusters/cl01tl/deployment/kargo/templates/external-secret.yaml
+++ b/clusters/cl01tl/deployment/kargo/templates/external-secret.yaml
@@ -0,0 +1,56 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kargo-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: kargo-oidc-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: CLIENT_SECRET
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/kargo
+        metadataPolicy: None
+        property: secret
+    - secretKey: CLIENT_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/kargo
+        metadataPolicy: None
+        property: client
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kargo-cluster-cl02do-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: kargo-cluster-cl02do-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    argocd.argoproj.io/secret-type: cluster
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: kubeconfig
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /argocd/credentials/cluster/cl02do
+        metadataPolicy: None
+        property: kubeconfig
--- a/clusters/cl01tl/deployment/kargo/values.yaml
+++ b/clusters/cl01tl/deployment/kargo/values.yaml
@@ -0,0 +1,120 @@
+kargo:
+  api:
+    host: kargo.alexlebens.net
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    tls:
+      enabled: false
+    ingress:
+      enabled: true
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      ingressClassName: traefik
+      tls:
+        enabled: true
+        selfSignedCert: false
+    adminAccount:
+      enabled: false
+    oidc:
+      enabled: true
+      admins:
+        groups: ["ArgoCD Admins"]
+      dex:
+        enabled: true
+        image:
+          repository: ghcr.io/dexidp/dex
+          tag: v2.39.1
+        env:
+          - name: CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: kargo-oidc-secret
+                key: CLIENT_ID
+          - name: CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: kargo-oidc-secret
+                key: CLIENT_SECRET            
+        tls:
+          selfSignedCert: false
+        skipApprovalScreen: true
+        connectors:
+          - type: oidc
+            id: authentik
+            name: Authentik
+            config:
+              issuer: https://authentik.alexlebens.net/application/o/kargo/
+              clientID: "$CLIENT_ID"
+              clientSecret: "$CLIENT_SECRET"
+              redirectURI: https://kargo.alexlebens.net/dex/callback
+              insecureEnableGroups: true
+              scopes:
+                - openid
+                - profile
+                - email
+                - groups
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+    argocd:
+      urls:
+        "": https://argocd.alexlebens.net
+    rollouts:
+      integrationEnabled: true
+  controller:
+    enabled: true
+    gitClient:
+      name: "Kargo cl01tl"
+      email: "alexanderlebens@gmail.com"
+    argocd:
+      integrationEnabled: true
+    rollouts:
+      integrationEnabled: true
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+  managementController:
+    enabled: true
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+  webhooks:
+    register: true
+  webhooksServer:
+    tls:
+      selfSignedCert: true
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+  garbageCollector:
+    schedule: "0 * * * *"
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi