migration to next

2025-03-02 16:56:16 -06:00
parent 1693ecd0ae
commit 9fe661cf24
342 changed files with 166 additions and 159 deletions
--- a/clusters/cl01tl/deployment/argo-cd/templates/external-secret.yaml
+++ b/clusters/cl01tl/deployment/argo-cd/templates/external-secret.yaml
@@ -1,70 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: argocd-oidc-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: argocd-oidc-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: argocd
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: secret
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/argocd
-        metadataPolicy: None
-        property: secret
-    - secretKey: client
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/argocd
-        metadataPolicy: None
-        property: client
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: argocd-gitea-repo-infrastructure-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: repo
-    app.kubernetes.io/part-of: argocd
-    argocd.argoproj.io/secret-type: repository
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: type
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        metadataPolicy: None
-        property: type
-    - secretKey: url
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        metadataPolicy: None
-        property: url
-    - secretKey: sshPrivateKey
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        metadataPolicy: None
-        property: sshPrivateKey
--- a/clusters/cl01tl/deployment/argo-cd/templates/ingress.yaml
+++ b/clusters/cl01tl/deployment/argo-cd/templates/ingress.yaml
@@ -1,27 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: argocd-tailscale
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: argocd-tailscale
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  ingressClassName: tailscale
-  tls:
-    - hosts:
-        - argocd-cl01tl
-  rules:
-    - host: argocd-cl01tl
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: argo-cd-argocd-server
-                port:
-                  number: 80
--- a/clusters/cl01tl/deployment/argo-cd/Chart.yaml
+++ b/clusters/cl01tl/deployment/argo-cd/Chart.yaml
--- a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
@@ -0,0 +1,70 @@
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+#   name: argocd-oidc-secret
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: argocd-oidc-secret
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: server
+#     app.kubernetes.io/part-of: argocd
+# spec:
+#   secretStoreRef:
+#     kind: ClusterSecretStore
+#     name: vault
+#   data:
+#     - secretKey: secret
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /authentik/oidc/argocd
+#         metadataPolicy: None
+#         property: secret
+#     - secretKey: client
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /authentik/oidc/argocd
+#         metadataPolicy: None
+#         property: client
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+#   name: argocd-gitea-repo-infrastructure-secret
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: repo
+#     app.kubernetes.io/part-of: argocd
+#     argocd.argoproj.io/secret-type: repository
+# spec:
+#   secretStoreRef:
+#     kind: ClusterSecretStore
+#     name: vault
+#   data:
+#     - secretKey: type
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/argocd/credentials/repo/infrastructure
+#         metadataPolicy: None
+#         property: type
+#     - secretKey: url
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/argocd/credentials/repo/infrastructure
+#         metadataPolicy: None
+#         property: url
+#     - secretKey: sshPrivateKey
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/argocd/credentials/repo/infrastructure
+#         metadataPolicy: None
+#         property: sshPrivateKey
--- a/clusters/cl01tl/deployment/argocd/templates/ingress.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/ingress.yaml
@@ -0,0 +1,27 @@
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   name: argocd-tailscale
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: argocd-tailscale
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: web
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   ingressClassName: tailscale
+#   tls:
+#     - hosts:
+#         - argocd-cl01tl
+#   rules:
+#     - host: argocd-cl01tl
+#       http:
+#         paths:
+#           - path: /
+#             pathType: Prefix
+#             backend:
+#               service:
+#                 name: argocd-server
+#                 port:
+#                   number: 80
--- a/clusters/cl01tl/deployment/argo-cd/values.yaml
+++ b/clusters/cl01tl/deployment/argo-cd/values.yaml
@@ -15,22 +15,22 @@ argo-cd:
          - '.spec.template.spec.hostUsers'
      timeout.reconciliation: 100s
      timeout.reconciliation.jitter: 60s
-      url: https://argocd-cl01tl.boreal-beaufort.ts.net
+      url: https://argocd.alexlebens.net
      statusbadge.enabled: true
-      dex.config: |
-        connectors:
-        - config:
-            issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argocd/
-            clientID: $argocd-oidc-secret:client
-            clientSecret: $argocd-oidc-secret:secret
-            insecureEnableGroups: true
-            scopes:
-              - openid
-              - profile
-              - email
-          name: authentik
-          type: oidc
-          id: authentik
+      # dex.config: |
+      #   connectors:
+      #   - config:
+      #       issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argocd/
+      #       clientID: $argocd-oidc-secret:client
+      #       clientSecret: $argocd-oidc-secret:secret
+      #       insecureEnableGroups: true
+      #       scopes:
+      #         - openid
+      #         - profile
+      #         - email
+      #     name: authentik
+      #     type: oidc
+      #     id: authentik
    rbac:
      policy.csv: |
        g, ArgoCD Admins, role:admin
@@ -39,12 +39,10 @@ argo-cd:
  server:
    replicas: 2
    ingress:
-      enabled: true
+      enabled: false
      controller: generic
-      ingressClassName: traefik
+      ingressClassName: cilium
      annotations:
-        traefik.ingress.kubernetes.io/router.entrypoints: websecure
-        traefik.ingress.kubernetes.io/router.tls: "true"
        cert-manager.io/cluster-issuer: letsencrypt-issuer
      hostname: argocd.alexlebens.net
      tls: true
--- a/clusters/cl01tl/deployment/stack/values.yaml
+++ b/clusters/cl01tl/deployment/stack/values.yaml
@@ -26,7 +26,7 @@ applicationSet:
        kind: ValidatingWebhookConfiguration
        jqPathExpressions:
          - .webhooks[].clientConfig.caBundle
-    namespace: argo-cd
+    namespace: argocd
    syncPolicy:
      automated:
        prune: true