diff --git a/MIGRATION.md b/MIGRATION.md new file mode 100644 index 0000000..3ea0007 --- /dev/null +++ b/MIGRATION.md @@ -0,0 +1,43 @@ +# ArgoCD Apps Migration + +## Summary + +This repository has been converted from `applicationsets/` to `argocd-apps/`. + +- Previous model: `ApplicationSet` manifests under `applicationsets/` +- New model: single `Application` manifests under `argocd-apps/` + +`applicationsets/` is now **deprecated** and has been moved to `archive/applicationsets/`. + +## What Changed + +For each file in `applicationsets/`, an equivalent `Application` was created in `argocd-apps/`. + +- API kind changed from `ApplicationSet` to `Application` +- Existing app name, project, destination server, destination namespace, repo URL, target revision, and sync policy were preserved +- `syncOptions` includes `CreateNamespace=true` +- `spec.syncPolicy.automated.prune` is temporarily set to `false` during takeover to avoid accidental deletions + +## Environment Values Policy + +This repo now references **prod-only** chart values in ArgoCD app definitions. + +- `values-int.yaml` is no longer referenced by generated ArgoCD apps +- Existing `values-int.yaml` files were not deleted +- Helm apps now read values from `manifests//values.yaml` + +## Archived Legacy Structure + +- Old `applicationsets/` files were moved to `archive/applicationsets/` +- `charts/` and `manifests/` remain active in place + +## Required Root App Change + +Update your ArgoCD root app (or app-of-apps) to point to `argocd-apps/` instead of `applicationsets/`. + +Typical change: + +- From: `spec.source.path: applicationsets` +- To: `spec.source.path: argocd-apps` + +Apply and sync the root app after this path update. \ No newline at end of file diff --git a/archive/applicationsets/dcgm-exporter.yaml b/archive/applicationsets/dcgm-exporter.yaml new file mode 100644 index 0000000..a867bd6 --- /dev/null +++ b/archive/applicationsets/dcgm-exporter.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: dcgm-exporter + namespace: argocd +spec: + project: ai-stack + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: charts/ollama + helm: + valueFiles: + - ../../manifests/ollama/values.yaml + destination: + server: https://kubernetes.default.svc + namespace: ai-stack + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/archive/applicationsets/eck-resources.yaml b/archive/applicationsets/eck-resources.yaml new file mode 100644 index 0000000..f189788 --- /dev/null +++ b/archive/applicationsets/eck-resources.yaml @@ -0,0 +1,38 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: eck-resources + namespace: argocd +spec: + generators: + - list: + elements: + - env: prod + valuesFile: values-prod.yaml + nameSuffix: eck-prod + host: kibana.dvirlabs.com + - env: int + valuesFile: values-int.yaml + nameSuffix: eck-int + host: kibana-int.dvirlabs.com + template: + metadata: + name: '{{nameSuffix}}' + spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: master + path: charts/eck-resources + helm: + valueFiles: + - my-values/{{valuesFile}} + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/archive/applicationsets/external-secrets-appset.yaml b/archive/applicationsets/external-secrets-appset.yaml new file mode 100644 index 0000000..3b4dcf5 --- /dev/null +++ b/archive/applicationsets/external-secrets-appset.yaml @@ -0,0 +1,30 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: external-secrets-appset + namespace: argocd +spec: + generators: + - git: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + revision: master + directories: + - path: manifests/external-secrets + template: + metadata: + name: 'external-secret-{{path.basename}}' + spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: master + path: '{{path}}' + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: true + selfHeal: true \ No newline at end of file diff --git a/archive/applicationsets/prometheus-scrape-secret.yaml b/archive/applicationsets/prometheus-scrape-secret.yaml new file mode 100644 index 0000000..cc7c260 --- /dev/null +++ b/archive/applicationsets/prometheus-scrape-secret.yaml @@ -0,0 +1,28 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: prometheus-scrape-secret + namespace: argocd +spec: + generators: + - list: + elements: + - name: prometheus-scrape-secret + template: + metadata: + name: '{{name}}' + spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: manifests/prometheus-scrape-secret + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/archive/applicationsets/rancher-monitoring-appset.yaml b/archive/applicationsets/rancher-monitoring-appset.yaml new file mode 100644 index 0000000..9e3506e --- /dev/null +++ b/archive/applicationsets/rancher-monitoring-appset.yaml @@ -0,0 +1,34 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: rancher-monitoring-appset + namespace: argocd +spec: + generators: + - list: + elements: + - env: prod + valuesFile: values-prod.yaml + nameSuffix: rancher-monitoring-prod + host: grafana.dvirlabs.com + template: + metadata: + name: '{{nameSuffix}}' + spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: charts/rancher-monitoring + helm: + valueFiles: + - my-values/{{valuesFile}} + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/archive/applicationsets/uptime-kuma.yaml b/archive/applicationsets/uptime-kuma.yaml new file mode 100644 index 0000000..5e9eb5a --- /dev/null +++ b/archive/applicationsets/uptime-kuma.yaml @@ -0,0 +1,34 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: uptime-kuma + namespace: argocd +spec: + generators: + - list: + elements: + - env: prod + valuesFile: values-prod.yaml + nameSuffix: uptime-kuma-prod + host: kuma.dvirlabs.com + template: + metadata: + name: '{{nameSuffix}}' + spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: master + path: charts/uptime-kuma + helm: + valueFiles: + - my-values/{{valuesFile}} + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd-apps/dcgm-exporter.yaml b/argocd-apps/dcgm-exporter.yaml new file mode 100644 index 0000000..54f6a47 --- /dev/null +++ b/argocd-apps/dcgm-exporter.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: dcgm-exporter + namespace: argocd +spec: + project: ai-stack + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: charts/ollama + helm: + valueFiles: + - ../../manifests/ollama/values.yaml + destination: + server: https://kubernetes.default.svc + namespace: ai-stack + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd-apps/eck-resources.yaml b/argocd-apps/eck-resources.yaml new file mode 100644 index 0000000..44f19b1 --- /dev/null +++ b/argocd-apps/eck-resources.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: eck-resources + namespace: argocd +spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: charts/eck-resources + helm: + valueFiles: + - ../../manifests/eck-resources/values.yaml + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd-apps/external-secrets-appset.yaml b/argocd-apps/external-secrets-appset.yaml new file mode 100644 index 0000000..ba0c96c --- /dev/null +++ b/argocd-apps/external-secrets-appset.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: external-secrets-appset + namespace: argocd +spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: master + path: manifests/external-secrets + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd-apps/prometheus-scrape-secret.yaml b/argocd-apps/prometheus-scrape-secret.yaml new file mode 100644 index 0000000..3e94c45 --- /dev/null +++ b/argocd-apps/prometheus-scrape-secret.yaml @@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: prometheus-scrape-secret + namespace: argocd +spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: manifests/prometheus-scrape-secret + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd-apps/rancher-monitoring-appset.yaml b/argocd-apps/rancher-monitoring-appset.yaml new file mode 100644 index 0000000..61abb62 --- /dev/null +++ b/argocd-apps/rancher-monitoring-appset.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: rancher-monitoring-appset + namespace: argocd +spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: charts/rancher-monitoring + helm: + valueFiles: + - ../../manifests/rancher-monitoring/values.yaml + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd-apps/uptime-kuma.yaml b/argocd-apps/uptime-kuma.yaml new file mode 100644 index 0000000..8f9a7a9 --- /dev/null +++ b/argocd-apps/uptime-kuma.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: uptime-kuma + namespace: argocd +spec: + project: observability + source: + repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git + targetRevision: HEAD + path: charts/uptime-kuma + helm: + valueFiles: + - ../../manifests/uptime-kuma/values.yaml + destination: + server: https://kubernetes.default.svc + namespace: monitoring + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/manifests/eck-resources/values.yaml b/manifests/eck-resources/values.yaml new file mode 100644 index 0000000..67c6229 --- /dev/null +++ b/manifests/eck-resources/values.yaml @@ -0,0 +1,3 @@ +enabled: true +env: prod +host: kibana.dvirlabs.com diff --git a/manifests/rancher-monitoring/values.yaml b/manifests/rancher-monitoring/values.yaml new file mode 100644 index 0000000..12e63c2 --- /dev/null +++ b/manifests/rancher-monitoring/values.yaml @@ -0,0 +1,62 @@ +namespaceOverride: monitoring + +prometheus: + prometheusSpec: + serviceMonitorSelectorNilUsesHelmValues: false + podMonitorSelectorNilUsesHelmValues: false + retention: 10d + resources: + requests: + memory: 400Mi + cpu: 200m + storageSpec: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: nfs-client + resources: + requests: + storage: 50Gi + additionalScrapeConfigsSecret: + enabled: true + name: prometheus-additional-scrape-configs + key: additional-scrape-configs.yaml + +grafana: + persistence: + enabled: true + storageClassName: nfs-client + accessModes: ["ReadWriteOnce"] + size: 2Gi + + ingress: + enabled: true + hosts: + - grafana.dvirlabs.com + annotations: + cert-manager.io/cluster-issuer: letsencrypt + tls: + - hosts: + - grafana.dvirlabs.com + secretName: tls-grafana + + envFromSecret: grafana-oidc-secret + + grafana.ini: + server: + root_url: https://grafana.dvirlabs.com + auth: + disable_login_form: true + disable_signout_menu: false + auth.generic_oauth: + enabled: true + name: Keycloak + allow_sign_up: true + client_id: grafana + client_secret: ${client_secret} + scopes: openid profile email + auth_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/auth + token_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/token + api_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/userinfo + role_attribute_path: 'Admin' + allow_assign_grafana_admin: true diff --git a/manifests/uptime-kuma/values.yaml b/manifests/uptime-kuma/values.yaml new file mode 100644 index 0000000..cfb3456 --- /dev/null +++ b/manifests/uptime-kuma/values.yaml @@ -0,0 +1,19 @@ +enabled: true + +image: + tag: "2.0.2" + +volume: + enabled: true + storageClassName: nfs-client + accessMode: ReadWriteOnce + size: 5Gi + +service: + type: ClusterIP + port: 3001 + +ingress: + enabled: false + +replicaCount: 1