├── .gitignore ├── Makefile ├── README.md ├── apps ├── auth │ ├── Chart.yaml │ ├── templates │ │ └── keycloak.yaml │ └── values.yaml ├── bootstrap │ ├── Chart.yaml │ ├── templates │ │ ├── 2048.yaml │ │ ├── auth.yaml │ │ ├── cheese.yaml │ │ ├── ci.yaml │ │ ├── infra.yaml │ │ ├── logging.yaml │ │ ├── monitoring.yaml │ │ ├── oil-monitor.yaml │ │ ├── quake.yaml │ │ ├── serverless.yaml │ │ └── storage.yaml │ └── values.yaml ├── ci │ ├── Chart.yaml │ ├── disabled │ │ └── argocd-notifications.yaml │ ├── templates │ │ ├── argocd-projects.yaml │ │ ├── argocd-workflows.yaml │ │ ├── argocd.yaml │ │ └── qemu-binfmt.yaml │ └── values.yaml ├── infra │ ├── Chart.yaml │ ├── disabled │ │ └── traefik-hub.yaml │ ├── templates │ │ ├── cert-manager.yaml │ │ ├── external-dns.yaml │ │ ├── metallb.yaml │ │ ├── namespaces.yaml │ │ ├── node-feature-discovery.yaml │ │ ├── registry-creds.yaml │ │ ├── sealed-secrets.yaml │ │ ├── traefik.yaml │ │ ├── users.yaml │ │ └── velero.yaml │ └── values.yaml ├── logging │ ├── Chart.yaml │ ├── templates │ │ ├── fluentbit.yaml │ │ └── influxdb.yaml │ └── values.yaml ├── monitoring │ ├── Chart.yaml │ ├── templates │ │ ├── dashboard.yaml │ │ └── kube-prometheus-stack.yaml │ └── values.yaml ├── serverless │ ├── Chart.yaml │ └── values.yaml └── storage │ ├── Chart.yaml │ ├── templates │ ├── minio-operator.yaml │ └── nfs-subdir-external-provisioner.yaml │ └── values.yaml ├── manifests ├── 2048 │ ├── deployment.yaml │ ├── ingress.yaml │ └── service.yaml ├── argocd-notifications │ ├── Chart.yaml │ ├── README.md │ └── values.yaml ├── argocd-projects │ ├── ci.yaml │ ├── docker-buildkit.yaml │ ├── infra.yaml │ └── secrets.yaml ├── argocd-workflows │ ├── Chart.yaml │ ├── templates │ │ ├── argo-workflows-minio-sealed.yaml │ │ └── argo-workflows-sso-sealed.yaml │ ├── values.default.yaml │ └── values.yaml ├── argocd │ ├── Chart.yaml │ ├── charts │ │ └── argo-cd-4.9.7.tgz │ ├── templates │ │ ├── argocd-github-sealed-secret.yaml │ │ ├── 
argocd-notifications-secret-sealed.yaml │ │ ├── argocd-rak8s-sealed-secret.yaml │ │ └── argocd-sealed-secret.yaml │ ├── values.default.yaml │ └── values.yaml ├── cert-manager │ ├── Chart.yaml │ ├── templates │ │ ├── cloudflare-api-token-sealed.yaml │ │ ├── le-live.yaml │ │ └── le-staging.yaml │ └── values.yaml ├── cheese │ ├── deployment.yaml │ ├── ingress-host.yaml │ ├── ingress-path.yaml │ ├── namespace.yaml │ └── service.yaml ├── elasticsearch │ ├── Chart.yaml │ ├── values.default.yaml │ └── values.yaml ├── external-dns │ ├── Chart.yaml │ ├── templates │ │ └── external-dns-secret-sealed.yaml │ ├── values.default.yaml │ └── values.yaml ├── fluent-bit │ ├── Chart.yaml │ ├── fluent-bit-configmap.yaml │ ├── values.default.yaml │ └── values.yaml ├── influxdb │ ├── Chart.yaml │ ├── templates │ │ └── influxdb-auth-sealed.yaml │ ├── values.default.yaml │ └── values.yaml ├── k8s-dashboard │ ├── Chart.yaml │ ├── values.default.yaml │ └── values.yaml ├── keycloak │ ├── Chart.yaml │ ├── templates │ │ ├── keycloak-config.yaml │ │ ├── keycloak-postgres-secret-sealed.yaml │ │ └── keycloak-secret-sealed.yaml │ ├── values.default.yaml │ └── values.yaml ├── kibana │ ├── Chart.yaml │ └── values.yaml ├── kube-prometheus-stack │ ├── Chart.yaml │ ├── config-patches │ │ ├── prom-kube-cm-sm-patch.yaml │ │ ├── prom-kube-cm-svc-patch.yaml │ │ ├── prom-kube-sched-sm-patch.yaml │ │ └── prom-kube-sched-svc-patch.yaml │ ├── templates │ │ ├── cert-secret-sealed.yaml │ │ ├── grafana-dashboard-kubernetes-cluster-dashboard.yaml │ │ └── grafana-dashboard-traefik-dashboard.yaml │ ├── values.default.yaml │ └── values.yaml ├── metallb │ ├── Chart.yaml │ ├── values.default.yaml │ └── values.yaml ├── minio-operator │ ├── Chart.yaml │ ├── templates │ │ ├── argo-workflows-minio-minio-sealed.yaml │ │ ├── blahcloud-s3-config-sealed.yaml │ │ ├── blahcloud-s3-console-ingress.yaml │ │ ├── blahcloud-s3-data-ingress.yaml │ │ ├── blahcloud-s3-secret-sealed.yaml │ │ └── blahcloud-s3-tenant.yaml │ ├── 
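values.default.yaml │ └── values.yaml ├── minio │ ├── Chart.yaml │ ├── values.default.yaml │ └── values.yaml ├── namespaces │ ├── 2048.yaml │ ├── cert-manager.yaml │ ├── docker-buildkit.yaml │ ├── infra.yaml │ ├── ingress.yaml │ ├── keycloak.yaml │ ├── kubernetes-dashboard.yaml │ ├── logging.yaml │ ├── minio-blahcloud.yaml │ ├── quake.yaml │ ├── renovate.yaml │ └── velero.yaml ├── nfs-subdir-external-provisioner │ ├── Chart.yaml │ ├── values.default.yaml │ └── values.yaml ├── node-feature-discovery │ ├── deploy.yaml │ └── tensorflow.yaml ├── oil-monitor │ ├── boilerjuice-creds-sealed.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── service.yaml │ └── servicemonitor.yaml ├── qemu-binfmt │ ├── ds.yaml │ └── readme.md ├── quake │ ├── configmap.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── service.yaml │ └── servicemonitor.yaml ├── readme.md ├── registry-creds │ ├── crd.yaml │ ├── docker-creds-sealed.yaml │ └── manifest.yaml ├── sealed-secrets │ ├── Chart.yaml │ ├── charts │ │ └── sealed-secrets-1.16.1.tgz │ └── values.yaml ├── traefik-hub │ ├── Chart.yaml │ ├── values.default.yaml │ └── values.yaml ├── traefik-v2 │ ├── Chart.yaml │ ├── templates │ │ └── servicemonitor.yaml │ ├── values.default.yaml │ └── values.yaml ├── traefik │ ├── Chart.yaml │ ├── templates │ │ └── ingressclass.yaml │ ├── traefik.defaults.yaml │ └── values.yaml ├── users │ └── myles.yaml └── velero │ ├── .credentials-velero │ ├── Chart.yaml │ └── values.yaml └── renovate.json /.gitignore: -------------------------------------------------------------------------------- 1 | Chart.lock 2 | .DS_Store
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
# Bootstrap helpers for the cluster: install prerequisites, seal secrets,
# install ArgoCD and log in to it. Every target acts on whatever cluster the
# current kubectl context points at.
.PHONY: list fresh install-prereqs install-argocd install-cert-manager get-argocd-password proxy-argocd login-argocd watch-apps cleanup

# Print the names of the targets defined in this Makefile.
list:
	@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'

# Full bootstrap; prerequisites run in the order listed.
# NOTE(review): get-argocd-password already invokes login-argocd, which needs
# localhost:8080, before proxy-argocd has started the port-forward. Unless a
# forward is already running that login fails - confirm the intended order.
fresh: install-prereqs install-argocd get-argocd-password proxy-argocd login-argocd watch-apps

# Wait for argocd-server, read the initial admin password from the
# argocd-initial-admin-secret Secret, print it and log in with it.
# Printing the password is the purpose of this target (the README refers to
# it), so run it only where terminal output is not captured or shared. The
# lines that carry the password start with @ so make does not echo them again.
# $(eval ...) stores the password in the make variable ARGOPW, which the later
# login-argocd prerequisite of `fresh` also reads.
# NOTE(review): make evaluates $(eval $(shell ...)) while expanding the recipe,
# which may be before the `kubectl wait` line has run - confirm on a fresh
# cluster.
get-argocd-password:
	kubectl wait --for=condition=available deployment -l "app.kubernetes.io/name=argocd-server" -n argocd --timeout=600s
	$(eval ARGOPW := $(shell kubectl get secret -n argocd argocd-initial-admin-secret -o json | jq -r .data.password | base64 -d))
	@echo 'ArgoCD password is: $(ARGOPW)'
	@$(MAKE) login-argocd ARGOPW='$(ARGOPW)'

# Log the argocd CLI in as admin through the local port-forward.
# --insecure/--plaintext: proxy-argocd forwards to the service's port 80, so
# the CLI talks plain HTTP to localhost:8080; do not reuse these flags against
# a remote endpoint. The password is still passed as a command-line argument
# and is visible in the process list while the command runs.
login-argocd:
	@argocd login localhost:8080 --insecure --plaintext --username=admin --password='$(ARGOPW)'

# Refresh the ArgoCD application list every second.
watch-apps:
	watch -n 1 argocd app list

# Install the Prometheus Operator CRDs and the sealed-secrets controller,
# re-seal every secret kept under ~/Desktop/ArgoCD-Secrets, commit and push the
# sealed output, back up the sealing key, and create the namespaces and secrets
# ArgoCD needs at bootstrap.
install-prereqs:
# CRDs are pinned to the v0.52.0 tag. `kubectl create` fails if a CRD already
# exists, so this target stops here on a cluster that has them.
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
	kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
	helm upgrade --install sealed-secrets -n kube-system ./manifests/sealed-secrets -f manifests/sealed-secrets/values.yaml
	kubectl wait --for=condition=available deployment -l "app.kubernetes.io/name=sealed-secrets" -n kube-system --timeout=300s
# Seal each plaintext Secret; only the sealed output is written into the
# repository, the plaintext inputs stay under ~/Desktop/ArgoCD-Secrets.
# NOTE(review): manifests/renovate/templates/ and
# manifests/argocd-notifications/templates/ are not in the listed tree; the
# redirects fail if those directories do not exist - confirm.
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/docker-creds.yaml > manifests/registry-creds/docker-creds-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/home/argocd-secret.yaml > manifests/argocd/templates/argocd-sealed-secret.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argocd-github-secret.yaml > manifests/argocd/templates/argocd-github-sealed-secret.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/home/argocd-rak8s-cluster-secret.yaml > manifests/argocd/templates/argocd-rak8s-cluster-sealed-secret.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argocd-notifications-secret.yaml > manifests/argocd-notifications/templates/argocd-notifications-secret-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/renovate-secret.yaml > manifests/renovate/templates/renovate-sealed-secret.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/home/external-dns-secret.yaml > manifests/external-dns/templates/external-dns-secret-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/keycloak-secret.yaml > manifests/keycloak/templates/keycloak-secret-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/keycloak-postgres-secret.yaml > manifests/keycloak/templates/keycloak-postgres-secret-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argo-workflows-sso.yaml > manifests/argocd-workflows/templates/argo-workflows-sso-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argo-workflows-minio.yaml > manifests/argocd-workflows/templates/argo-workflows-minio-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argo-workflows-minio-minio.yaml > manifests/minio-operator/templates/argo-workflows-minio-minio-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/minio-tenant-config.yaml > manifests/minio-operator/templates/blahcloud-s3-config-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/minio-tenant-secret.yaml > manifests/minio-operator/templates/blahcloud-s3-secret-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/cert-secret.yaml > manifests/kube-prometheus-stack/templates/cert-secret-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/cloudflare-api-token.yaml > manifests/cert-manager/templates/cloudflare-api-token-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/boilerjuice-creds.yaml > manifests/oil-monitor/boilerjuice-creds-sealed.yaml
	kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/influxdb-auth.yaml > manifests/influxdb/templates/influxdb-auth-sealed.yaml
# Stage only the sealed output under manifests/ instead of the whole working
# tree, so an unrelated or unsealed file cannot ride along in this commit.
# NOTE(review): the tree lists manifests/velero/.credentials-velero as a
# tracked file - confirm it does not hold plaintext credentials.
	git add manifests
	git commit -m "ArgoCD secret regen"
	git push
# Back up the controller's sealing key pair. This file can decrypt every
# SealedSecret in the repository: keep it out of git and readable only by its
# owner (the umask only takes effect when the file is first created).
	umask 077 && kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > ~/Desktop/ArgoCD-Secrets/sealed-secrets-master.key
	kubectl create ns argocd || true
	kubectl create ns minio || true
	kubectl create ns monitoring || true
	kubectl apply -f manifests/argocd-notifications/templates/
	kubectl apply -f manifests/argocd-workflows/templates/

# Create the argocd namespace, apply the AppProject/Application CRDs and
# install the ArgoCD chart kept under manifests/argocd.
# NOTE(review): the two CRD manifests are fetched from the moving `master`
# branch, so their content can change between runs and may not match the
# chart; consider pinning them to a release tag as the Prometheus CRDs are.
install-argocd:
	kubectl create ns argocd || true
	kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/crds/appproject-crd.yaml
	kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/crds/application-crd.yaml
	helm upgrade --install argocd -n argocd ./manifests/argocd -f manifests/argocd/values.yaml

# Install cert-manager v0.14.0 from the jetstack chart repository and apply a
# Let's Encrypt issuer. Not part of `fresh`.
# The namespace flag was written `--n`, which helm rejects; it is `-n`.
# NOTE(review): resources/letsencrypt-issuer.yaml is not in the listed tree;
# this looks like a legacy target - confirm before use.
install-cert-manager:
	helm repo add jetstack https://charts.jetstack.io
	kubectl create ns cert-manager
	kubectl label ns cert-manager cert-manager.k8s.io/disable-validation=true
	kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.crds.yaml
	helm upgrade --install cert-manager -n cert-manager --version v0.14.0 jetstack/cert-manager
	kubectl apply -f resources/letsencrypt-issuer.yaml

# Tear the cluster contents down: uninstall the Helm releases, strip the
# finalizers from ArgoCD Applications/AppProjects so they can be deleted
# without their controller, then delete namespaces, unavailable APIServices,
# CRDs and remaining workloads.
# Destructive beyond what this repository installed: `kubectl delete crd --all`
# removes every CRD in the cluster, and all workloads and services in the
# default namespace are deleted. Check `kubectl config current-context` first.
# NOTE(review): the applications/appprojects commands carry no -n flag, so they
# act on the current context's namespace, while the Application manifests in
# this repository are created in `argocd` - confirm.
cleanup:
	helm delete -n argocd argocd || true
	helm delete -n kube-system sealed-secrets || true
	kubectl get applications.argoproj.io -o name | sed -e 's/.*\///g' | xargs -I {} kubectl patch applications.argoproj.io {} -p '{"metadata":{"finalizers":[]}}' --type=merge
	kubectl get appprojects.argoproj.io -o name | sed -e 's/.*\///g' | xargs -I {} kubectl patch appprojects.argoproj.io {} -p '{"metadata":{"finalizers":[]}}' --type=merge
	kubectl delete appprojects.argoproj.io --all || true
	kubectl delete applications.argoproj.io --all || true
	kubectl delete crd applications.argoproj.io || true
	kubectl delete crd appprojects.argoproj.io || true
	kubectl delete apiservice v1beta1.metrics.k8s.io || true
	kubectl delete ns argocd || true
	kubectl delete ns infra || true
	kubectl delete ns buildkit || true
	kubectl delete ns buildkit-emu || true
	kubectl delete ns cheese || true
	kubectl delete ns ingress || true
	kubectl delete ns keycloak || true
	kubectl delete ns kibana || true
	kubectl delete ns elasticsearch || true
	kubectl delete ns knative || true
	kubectl delete ns logging || true
	kubectl delete ns minio || true
	kubectl delete ns monitoring || true
	kubectl delete ns qemu-binfmt || true
	kubectl delete ns quake || true
	kubectl delete ns renovate || true
	kubectl delete ns storage || true
	kubectl delete ns velero || true
	kubectl delete ns auth || true
	kubectl delete ns registry-creds-system || true
	kubectl delete ns kubernetes-dashboard || true
# $$1 so that awk, not make, receives the field reference; with a single $
# make expands it to nothing and awk passes the whole line on to xargs.
	kubectl get apiservice | grep False | awk '{print $$1}' | xargs -I {} kubectl delete apiservice {}
	kubectl delete crd --all || true
	kubectl delete all -l app.kubernetes.io/managed-by=Helm -A || true
	kubectl delete all -n default --all || true

# Forward localhost:8080 to port 80 of the argocd-server service, in the
# background. The kubectl process outlives make; stop it by hand when done.
proxy-argocd:
	kubectl port-forward -n argocd service/argocd-server 8080:80 &
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # K8s cluster bootstrap and app install 2 | 3 | [![ArgoCD Status](https://argocd.apps.blah.cloud/api/badge?name=bootstrap&revision=true)](https://argocd.apps.blah.cloud/applications/bootstrap) 4 | 5 | ## K8s cluster installed via Ansible 6 | 7 | 8 | 9 | Following on from cluster install, install apps as below. 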
10 | ## TL;DR 11 | 12 | ```sh 13 | make fresh 14 | ``` 15 | 16 | ## Manual Install 17 | ### Install Prometheus CRDs 18 | 19 | ```sh 20 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml 21 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml 22 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml 23 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml 24 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml 25 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml 26 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml 27 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml 28 | ``` 29 | 30 | ### Bitnami Sealed Secrets 31 | 32 | #### Install Sealed Secrets 33 | 34 | ```sh 35 | helm upgrade --install sealed-secrets -n kube-system ./manifests/sealed-secrets -f manifests/sealed-secrets/values.yaml 36 | ``` 37 | 38 | #### Seal secrets 39 | 40 | ```sh 41 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/docker-creds.yaml > manifests/registry-creds/docker-creds-sealed.yaml 42 | kubeseal --format=yaml < 
~/Desktop/ArgoCD-Secrets/home/argocd-secret.yaml > manifests/argocd/templates/argocd-sealed-secret.yaml 43 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argocd-github-secret.yaml > manifests/argocd/templates/argocd-github-sealed-secret.yaml 44 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/home/argocd-rak8s-cluster-secret.yaml > manifests/argocd/templates/argocd-rak8s-cluster-sealed-secret.yaml 45 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argocd-notifications-secret.yaml > manifests/argocd-notifications/templates/argocd-notifications-secret-sealed.yaml 46 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/renovate-secret.yaml > manifests/renovate/templates/renovate-sealed-secret.yaml 47 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/home/external-dns-secret.yaml > manifests/external-dns/templates/external-dns-secret-sealed.yaml 48 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/keycloak-secret.yaml > manifests/keycloak/templates/keycloak-secret-sealed.yaml 49 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/keycloak-postgres-secret.yaml > manifests/keycloak/templates/keycloak-postgres-secret-sealed.yaml 50 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argo-workflows-sso.yaml > manifests/argocd-workflows/templates/argo-workflows-sso-sealed.yaml 51 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argo-workflows-minio.yaml > manifests/argocd-workflows/templates/argo-workflows-minio-sealed.yaml 52 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/argo-workflows-minio-minio.yaml > manifests/minio-operator/templates/argo-workflows-minio-minio-sealed.yaml 53 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/minio-tenant-secret.yaml > manifests/minio-operator/templates/minio-tenant-secret-sealed.yaml 54 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/cert-secret.yaml > manifests/kube-prometheus-stack/templates/cert-secret-sealed.yaml 55 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/cloudflare-api-token.yaml > 
manifests/cert-manager/templates/cloudflare-api-token-sealed.yaml 56 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/boilerjuice-creds.yaml > manifests/oil-monitor/boilerjuice-creds-sealed.yaml 57 | kubeseal --format=yaml < ~/Desktop/ArgoCD-Secrets/influxdb-auth.yaml > manifests/influxdb/templates/influxdb-auth-sealed.yaml 58 | ``` 59 | 60 | #### Backup seal key 61 | 62 | ```sh 63 | kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > ~/Desktop/ArgoCD-Secrets/sealed-secrets-master.key 64 | ``` 65 | 66 | ### (Optional) Restore Bitnami SS from backup - if bad things happened... 67 | 68 | ```sh 69 | helm upgrade --install sealed-secrets -n kube-system ./manifests/sealed-secrets -f manifests/sealed-secrets/values.yaml 70 | kubectl delete secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key=active 71 | kubectl apply -n kube-system -f ~/Desktop/ArgoCD-Secrets/sealed-secrets-master.key 72 | kubectl delete pod -n kube-system -l app.kubernetes.io/name=sealed-secrets 73 | ``` 74 | 75 | ### Initialise secrets needed for bootstrap 76 | 77 | ```sh 78 | kubectl create ns argocd 79 | kubectl apply -f manifests/argocd-notifications/templates/ 80 | kubectl apply -f manifests/argocd-workflows/templates/ 81 | ``` 82 | 83 | ### Install Argo and bootstrap cluster 84 | 85 | ```sh 86 | make install-argocd 87 | make get-argocd-password 88 | ``` 89 | 90 | ## Use 91 | 92 | ```sh 93 | argocd login argocd.apps.blah.cloud --sso --grpc-web 94 | #login with GitHub account or admin password from above 95 | argocd account update-password 96 | argocd app list 97 | ``` 98 | 99 | ## Cleanup 100 | 101 | ```sh 102 | make cleanup 103 | ``` 104 | 105 | ## Todo 106 | 107 | ### Apps 108 | 109 | * Add ArgoCD Image Updater 110 | * ~~Add Oil Monitor app ~~ 111 | * ~~Move from traefik to traefik + cert-manager for ingress and TLS~~ 112 | * ~~Traefik ~HA mode?~~ 113 | * ~~~~ 114 | * ~~~~ 115 | * ~~Use cert-manager for TLS with DNS-01 challenges~~ 116 | 
* ~~Use IngressClass for Traefik rather than making it a default IngressClass~~ 117 | * Update all Ingress objects to use IngressClass explicitly 118 | * Migrate Ingress objects to v1 119 | * Investigate reloading Traefik when Cert-Manager changes a cert 120 | * 121 | * 122 | * 123 | * Move to kube-vip from metallb 124 | * For control plane: 125 | * For svc type LB: 126 | * Add OIDC provider 127 | * Pinniped? 128 | * Add Argo Events 129 | * Add Argo Rollouts 130 | * Investigate Argo Operator 131 | * ARM Builds of complex tools 132 | * Add Istio (needs ARM builds - ) 133 | * Add Tekton (needs ARM builds - ) 134 | * Add KNative (needs ARM builds - ) 135 | * All above rely on ko builds for ARM: 136 | * ~~Build L4T base image for Jetson testing~~ 137 | * Add Nvidia K8s Device Plugin (with custom ARM patches) 138 | * Add default DB to InfluxDB 139 | * Add consistent password to InfluxDB 140 | * Add some extra game modes to Quake 141 | * Add ingress for Traefik Dashboard 142 | 143 | #### Availability 144 | 145 | * Make Prom stack HA 146 | * Ensure anti-affinity across all HA apps 147 | 148 | #### Ongoing 149 | 150 | * Build ARM versions of containers I depend on 151 | * Do it scalably and open upstream PRs 152 | 153 | ### Monitoring 154 | 155 | * Add cert-manager mixin 156 | * 157 | * Add grafana dashboards from 158 | * Figure out how to reload grafana dashboards that are updated 159 | * ~~Add carlosedp Cluster Dashboard to Grafana~~ 160 | 161 | ### Organisational 162 | 163 | * Refactor namespaces 164 | * Refactor Apps into Projects 165 | * Deploy from tags/branches rather than master 166 | * Merge [tanzu-cluster-gitops](https://github.com/mylesagray/tanzu-cluster-gitops) with this repo and use Kustomized Helm to deploy to different clusters as Phase 1 167 | * 168 | * Phase 2: Explore using `ApplicationSet` controller to supersede Kustomized Helm: 169 | * 170 | * Requires building ApplicationSet Controller for ARM64 171 | 172 | ### Security 173 | 174 | * Remove all 
internal un/passwords and keys and turn into sealed secrets 175 | * Remove as many static passwords as possible and rely on auto-generated secrets 176 | * Keycloak tokens 177 | * Grafana tokens 178 | * Make ArgoCD GitHub webhook authenticated 179 | 
--------------------------------------------------------------------------------
/apps/auth/Chart.yaml:
--------------------------------------------------------------------------------
# Helm chart metadata for the "auth" chart. Its one listed template is an
# ArgoCD Application, not a workload.
apiVersion: v2
appVersion: "1.0"
description: "Auth Apps"
name: auth
version: 0.2.0
--------------------------------------------------------------------------------
/apps/auth/templates/keycloak.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that deploys the Helm chart at manifests/keycloak into the
# keycloak namespace. Project, repository, revision and target cluster come
# from this chart's values.yaml.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: keycloak
  namespace: argocd
  annotations:
    # Sync ordering hint; lower waves are applied first.
    argocd.argoproj.io/sync-wave: "7"
  finalizers:
  # Deleting this Application also deletes the resources it manages.
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/keycloak
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: keycloak
  syncPolicy:
    # Automated sync: whatever the tracked revision contains is applied without
    # a manual approval step.
    automated:
      # Resources removed from Git are deleted from the cluster.
      prune: true
      # Manual changes made in the cluster are reverted to the Git state.
      selfHeal: true
    syncOptions:
    # ArgoCD creates the destination namespace if it is missing.
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/auth/values.yaml:
--------------------------------------------------------------------------------
# Values read by the template above as .Values.spec.*.
# Indentation was lost in this listing; the nesting below is reconstructed.
spec:
  # `default` is ArgoCD's built-in AppProject; unless it has been edited it
  # places no restriction on source repositories, destinations or resource
  # kinds.
  project: default
  source:
    repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git'
    # HEAD follows the tip of the repository's default branch. Together with
    # automated sync, every push there reaches the cluster, so write access to
    # that branch is effectively deploy access.
    targetRevision: HEAD
  destination:
    # The cluster ArgoCD itself runs in.
    server: 'https://kubernetes.default.svc'
    # Not read by keycloak.yaml, which hard-codes its namespace.
    namespace: auth
  # Not read by keycloak.yaml, which hard-codes its own syncPolicy.
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--------------------------------------------------------------------------------
/apps/bootstrap/Chart.yaml:
--------------------------------------------------------------------------------
# Helm chart metadata for the "bootstrap" chart; the templates listed for it
# are ArgoCD Applications.
apiVersion: v2
appVersion: "1.0"
description: "Cluster Bootstrap"
name: bootstrap
version: 0.1.0
--------------------------------------------------------------------------------
/apps/bootstrap/templates/2048.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that applies the plain manifests under manifests/2048
# (searched recursively) into the 2048-game namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: "2048"
  namespace: argocd
  annotations:
    # Sync ordering hint; lower waves are applied first.
    argocd.argoproj.io/sync-wave: "7"
  finalizers:
  # Deleting this Application also deletes the resources it manages.
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/2048
    directory:
      recurse: true
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: 2048-game
  syncPolicy:
    # Automated sync with prune and selfHeal: the cluster is kept identical to
    # the tracked Git revision, including deletions and reverts of manual edits.
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    # ArgoCD creates the destination namespace if it is missing.
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/auth.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that renders the Helm chart at apps/auth; the resources it
# creates are themselves ArgoCD Applications.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: auth
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "7"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: apps/auth
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: auth
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/cheese.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that applies the plain manifests under manifests/cheese
# (searched recursively).
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cheese
  namespace: argocd
  annotations:
    # Sync ordering hint; lower waves are applied first.
    argocd.argoproj.io/sync-wave: "7"
  finalizers:
  # Deleting this Application also deletes the resources it manages.
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/cheese
    directory:
      recurse: true
  destination:
    server: {{ .Values.spec.destination.server }}
    # Taken from values, unlike the sibling templates; apps/bootstrap/values.yaml
    # sets it to `infra`. NOTE(review): confirm that is the intended namespace.
    namespace: {{ .Values.spec.destination.namespace }}
  syncPolicy:
    # Automated sync with prune and selfHeal: the cluster is kept identical to
    # the tracked Git revision, including deletions and reverts of manual edits.
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    # ArgoCD creates the destination namespace if it is missing.
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/ci.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that renders the Helm chart at apps/ci into the argocd
# namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: ci
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: apps/ci
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/infra.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that renders the Helm chart at apps/infra into the infra
# namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: infra
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "1"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: apps/infra
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: infra
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/logging.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that renders the Helm chart at apps/logging into the
# logging namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: logging
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "2"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: apps/logging
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: logging
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/monitoring.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that renders the Helm chart at apps/monitoring into the
# monitoring namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: monitoring
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "3"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: apps/monitoring
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: monitoring
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/oil-monitor.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that applies the plain manifests under
# manifests/oil-monitor (searched recursively) into the oil-monitor namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: "oil-monitor"
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "7"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/oil-monitor
    directory:
      recurse: true
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: oil-monitor
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/quake.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that applies the plain manifests under manifests/quake
# (searched recursively) into the quake namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: quake
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "7"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/quake
    directory:
      recurse: true
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: quake
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/serverless.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that renders the Helm chart at apps/serverless into the
# knative namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: serverless
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "5"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: apps/serverless
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: knative
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/templates/storage.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application that renders the Helm chart at apps/storage into the
# storage namespace. Wave -1 is the lowest among the bootstrap templates, so it
# is synced first.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: storage
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: apps/storage
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: storage
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/bootstrap/values.yaml:
--------------------------------------------------------------------------------
# Values read by the bootstrap templates as .Values.spec.*.
# Indentation was lost in this listing; the nesting below is reconstructed.
spec:
  # `default` is ArgoCD's built-in AppProject; unless it has been edited it
  # places no restriction on source repositories, destinations or resource
  # kinds.
  project: default
  source:
    repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git'
    # HEAD follows the tip of the repository's default branch. Together with
    # the automated sync in every template, each push there reaches the
    # cluster, so write access to that branch is effectively deploy access.
    targetRevision: HEAD
  destination:
    # The cluster ArgoCD itself runs in.
    server: 'https://kubernetes.default.svc'
    # Only cheese.yaml reads this; the other templates hard-code a namespace.
    namespace: infra
  # Not read by the bootstrap templates, which hard-code their own syncPolicy.
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--------------------------------------------------------------------------------
/apps/ci/Chart.yaml:
--------------------------------------------------------------------------------
# Helm chart metadata for the "ci" chart.
apiVersion: v2
appVersion: "1.0"
description: "CI/CD Apps"
name: ci
version: 0.2.0
--------------------------------------------------------------------------------
/apps/ci/disabled/argocd-notifications.yaml:
--------------------------------------------------------------------------------
# ArgoCD Application for the chart at manifests/argocd-notifications. The file
# sits in disabled/ rather than templates/, so Helm does not render it.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argocd-notifications
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "4"
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/argocd-notifications
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
-------------------------------------------------------------------------------- /apps/ci/templates/argocd-projects.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: 
argocd-projects 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "-1" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/argocd-projects 16 | directory: 17 | recurse: true 18 | destination: 19 | server: {{ .Values.spec.destination.server }} 20 | namespace: argocd 21 | syncPolicy: 22 | automated: 23 | prune: true 24 | selfHeal: true 25 | syncOptions: 26 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/ci/templates/argocd-workflows.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argocd-workflows 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "6" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/argocd-workflows 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: argocd 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/ci/templates/argocd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argocd 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "3" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | 
source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/argocd 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: argocd 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/ci/templates/qemu-binfmt.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: qemu-binfmt 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "5" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/qemu-binfmt 16 | directory: 17 | recurse: true 18 | destination: 19 | server: {{ .Values.spec.destination.server }} 20 | syncPolicy: 21 | automated: 22 | prune: true 23 | selfHeal: true 24 | syncOptions: 25 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/ci/values.yaml: -------------------------------------------------------------------------------- 1 | spec: 2 | project: cd 3 | source: 4 | repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git' 5 | targetRevision: HEAD 6 | destination: 7 | server: 'https://kubernetes.default.svc' 8 | namespace: argocd 9 | syncPolicy: 10 | automated: 11 | prune: true 12 | selfHeal: true -------------------------------------------------------------------------------- /apps/infra/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: "Infrastructure Apps" 4 | 
name: infra 5 | version: 0.2.0 -------------------------------------------------------------------------------- /apps/infra/disabled/traefik-hub.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: traefik-hub 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "4" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/traefik-hub 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: hub-agent 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true 28 | ignoreDifferences: 29 | - group: 30 | kind: Secret 31 | name: hub-agent-certs 32 | jsonPointers: 33 | - /data/cert 34 | - /data/key -------------------------------------------------------------------------------- /apps/infra/templates/cert-manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: cert-manager 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "4" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/cert-manager 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: cert-manager 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true 
--------------------------------------------------------------------------------
/apps/infra/templates/external-dns.yaml:
--------------------------------------------------------------------------------
# Argo CD Application (a Helm template of the apps/infra chart) that deploys the
# chart stored under manifests/external-dns. Project, repo URL, revision and
# destination are injected from the chart values; apps/infra/values.yaml on this
# page sets project "default", targetRevision "HEAD", the in-cluster API server
# and namespace "infra".
# NOTE(review): with targetRevision HEAD plus automated sync, prune and selfHeal,
# whatever reaches the tracked branch is applied to the cluster with no manual
# gate. Pin a tag or commit, or confirm that branch protection and review are
# enforced on the repository.
# NOTE(review): Argo CD's built-in "default" project is unrestricted unless it
# has been edited; confirm whether a dedicated, scoped AppProject is intended.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: external-dns
  namespace: argocd
  annotations:
    # Ordering hint: lower sync waves are applied before higher ones.
    argocd.argoproj.io/sync-wave: "3"
  finalizers:
    # Cascade delete: removing this Application also removes what it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/external-dns
    helm:
      valueFiles:
        - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    # Taken from values rather than hard-coded; "infra" per apps/infra/values.yaml.
    namespace: {{ .Values.spec.destination.namespace }}
  syncPolicy:
    automated:
      # prune deletes live resources that were removed from Git.
      prune: true
      # selfHeal reverts manual changes made to live resources.
      selfHeal: true
    syncOptions:
      # Argo CD creates the destination namespace if it does not exist.
      - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/infra/templates/metallb.yaml:
--------------------------------------------------------------------------------
# Argo CD Application for the chart under manifests/metallb. Same pattern as
# external-dns above: every environment-specific field comes from the chart
# values, sync is fully automated, and the review notes on HEAD tracking and
# the "default" project apply here as well.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: metallb
  namespace: argocd
  annotations:
    # Wave 2: synced before external-dns (wave 3) within the same parent app.
    argocd.argoproj.io/sync-wave: "2"
  finalizers:
    # Cascade delete: removing this Application also removes what it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: {{ .Values.spec.project }}
  source:
    repoURL: {{ .Values.spec.source.repoURL }}
    targetRevision: {{ .Values.spec.source.targetRevision }}
    path: manifests/metallb
    helm:
      valueFiles:
        - values.yaml
  destination:
    server: {{ .Values.spec.destination.server }}
    # Taken from values rather than hard-coded; "infra" per apps/infra/values.yaml.
    namespace: {{ .Values.spec.destination.namespace }}
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--------------------------------------------------------------------------------
/apps/infra/templates/namespaces.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: namespaces 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "-1" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/namespaces 16 | directory: 17 | recurse: true 18 | destination: 19 | server: {{ .Values.spec.destination.server }} 20 | syncPolicy: 21 | automated: 22 | prune: true 23 | selfHeal: true 24 | syncOptions: 25 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/infra/templates/node-feature-discovery.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: feature-discovery 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "4" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/node-feature-discovery 16 | directory: 17 | recurse: true 18 | destination: 19 | server: {{ .Values.spec.destination.server }} 20 | namespace: node-feature-discovery 21 | syncPolicy: 22 | automated: 23 | prune: true 24 | selfHeal: true 25 | syncOptions: 26 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/infra/templates/registry-creds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: registry-creds 5 | namespace: argocd 6 | 
annotations: 7 | argocd.argoproj.io/sync-wave: "-1" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/registry-creds 16 | directory: 17 | recurse: true 18 | destination: 19 | server: {{ .Values.spec.destination.server }} 20 | namespace: registry-creds-system 21 | syncPolicy: 22 | automated: 23 | prune: true 24 | selfHeal: true 25 | syncOptions: 26 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/infra/templates/sealed-secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sealed-secrets 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "0" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/sealed-secrets 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: kube-system 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true 28 | ignoreDifferences: 29 | - group: apiextensions.k8s.io 30 | kind: CustomResourceDefinition 31 | jsonPointers: 32 | - /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties -------------------------------------------------------------------------------- /apps/infra/templates/traefik.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: traefik 5 | namespace: argocd 6 | 
annotations: 7 | argocd.argoproj.io/sync-wave: "4" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/traefik-v2 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: traefik 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/infra/templates/users.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: users 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "-1" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/users 16 | directory: 17 | recurse: true 18 | destination: 19 | server: {{ .Values.spec.destination.server }} 20 | syncPolicy: 21 | automated: 22 | prune: true 23 | selfHeal: true 24 | syncOptions: 25 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/infra/templates/velero.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: velero 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "8" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ 
.Values.spec.source.targetRevision }} 15 | path: manifests/velero 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: velero 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/infra/values.yaml: -------------------------------------------------------------------------------- 1 | spec: 2 | project: default 3 | source: 4 | repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git' 5 | targetRevision: HEAD 6 | destination: 7 | server: 'https://kubernetes.default.svc' 8 | namespace: infra 9 | syncPolicy: 10 | automated: 11 | prune: true 12 | selfHeal: true -------------------------------------------------------------------------------- /apps/logging/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: "Logging Infra" 4 | name: logging 5 | version: 0.2.0 -------------------------------------------------------------------------------- /apps/logging/templates/fluentbit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: fluent-bit 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "2" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/fluent-bit 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: logging 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true 
-------------------------------------------------------------------------------- /apps/logging/templates/influxdb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: influxdb 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "6" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/influxdb 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: influxdb 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/logging/values.yaml: -------------------------------------------------------------------------------- 1 | spec: 2 | project: default 3 | source: 4 | repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git' 5 | targetRevision: HEAD 6 | destination: 7 | server: 'https://kubernetes.default.svc' 8 | namespace: logging 9 | syncPolicy: 10 | automated: 11 | prune: true 12 | selfHeal: true -------------------------------------------------------------------------------- /apps/monitoring/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: "Infrastructure Apps" 4 | name: infra 5 | version: 0.2.0 -------------------------------------------------------------------------------- /apps/monitoring/templates/dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: k8s-dashboard 5 | namespace: 
argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "7" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/k8s-dashboard 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: kubernetes-dashboard 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/monitoring/templates/kube-prometheus-stack.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: kube-prometheus-stack 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "4" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/kube-prometheus-stack 16 | helm: 17 | skipCrds: true 18 | valueFiles: 19 | - values.yaml 20 | destination: 21 | server: {{ .Values.spec.destination.server }} 22 | namespace: monitoring 23 | syncPolicy: 24 | automated: 25 | prune: true 26 | selfHeal: true 27 | syncOptions: 28 | - CreateNamespace=true 29 | ignoreDifferences: 30 | - kind: ServiceAccount 31 | jsonPointers: 32 | - /imagePullSecrets 33 | - /secrets -------------------------------------------------------------------------------- /apps/monitoring/values.yaml: -------------------------------------------------------------------------------- 1 | spec: 2 | project: default 3 | source: 4 | repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git' 5 | targetRevision: HEAD 
6 | destination: 7 | server: 'https://kubernetes.default.svc' 8 | namespace: monitoring 9 | syncPolicy: 10 | automated: 11 | prune: true 12 | selfHeal: true -------------------------------------------------------------------------------- /apps/serverless/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: "FaaSy" 4 | name: knative-testing 5 | version: 0.2.0 -------------------------------------------------------------------------------- /apps/serverless/values.yaml: -------------------------------------------------------------------------------- 1 | spec: 2 | project: default 3 | source: 4 | repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git' 5 | targetRevision: HEAD 6 | destination: 7 | server: 'https://kubernetes.default.svc' 8 | namespace: knative 9 | syncPolicy: 10 | automated: 11 | prune: true 12 | selfHeal: true -------------------------------------------------------------------------------- /apps/storage/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: "Storage Apps" 4 | name: storage 5 | version: 0.2.0 -------------------------------------------------------------------------------- /apps/storage/templates/minio-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: minio-operator 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "6" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/minio-operator 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ 
.Values.spec.destination.server }} 21 | namespace: minio-operator 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true 28 | ignoreDifferences: 29 | - group: apiextensions.k8s.io 30 | kind: CustomResourceDefinition 31 | jsonPointers: 32 | - /spec/preserveUnknownFields -------------------------------------------------------------------------------- /apps/storage/templates/nfs-subdir-external-provisioner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: nfs-subdir-external-provisioner 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "-1" 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | project: {{ .Values.spec.project }} 12 | source: 13 | repoURL: {{ .Values.spec.source.repoURL }} 14 | targetRevision: {{ .Values.spec.source.targetRevision }} 15 | path: manifests/nfs-subdir-external-provisioner 16 | helm: 17 | valueFiles: 18 | - values.yaml 19 | destination: 20 | server: {{ .Values.spec.destination.server }} 21 | namespace: {{ .Values.spec.destination.namespace }} 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | syncOptions: 27 | - CreateNamespace=true -------------------------------------------------------------------------------- /apps/storage/values.yaml: -------------------------------------------------------------------------------- 1 | spec: 2 | project: default 3 | source: 4 | repoURL: 'https://github.com/mylesagray/home-cluster-gitops.git' 5 | targetRevision: HEAD 6 | destination: 7 | server: 'https://kubernetes.default.svc' 8 | namespace: storage 9 | syncPolicy: 10 | automated: 11 | prune: true 12 | selfHeal: true -------------------------------------------------------------------------------- /manifests/2048/deployment.yaml: 
--------------------------------------------------------------------------------
# Deployment for the 2048 demo app: two replicas of a single container that
# listens on port 80, selected by the label app="2048".
# NOTE(review): no securityContext, resource requests/limits or probes are set
# in this manifest, so the pod runs with whatever user and capabilities the
# image and namespace defaults give it. Binding port 80 usually implies root or
# NET_BIND_SERVICE; verify what the image needs before tightening (runAsNonRoot,
# allowPrivilegeEscalation: false, dropped capabilities, seccomp RuntimeDefault).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: 2048deployment
  namespace: "2048-game"
spec:
  selector:
    matchLabels:
      app: "2048"
  replicas: 2
  template:
    metadata:
      labels:
        app: "2048"
    spec:
      containers:
        # NOTE(review): the image is referenced by tag (87d15ea looks like a
        # short commit id). Tags can be re-pointed in a registry unless tag
        # immutability is enforced; pinning as image@sha256:<digest> fixes the
        # exact content that runs.
        - image: harbor.blah.cloud/mylesagray/doge2048:87d15ea
          name: "2048"
          ports:
            - containerPort: 80
--------------------------------------------------------------------------------
/manifests/2048/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress that routes 2048.apps.blah.cloud to the game-2048 Service on port 80
# through the traefik ingress class. TLS uses the secret 2048-cert; the
# cert-manager annotation asks the letsencrypt-live ClusterIssuer to issue it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-live
  name: 2048game
  namespace: "2048-game"
spec:
  ingressClassName: traefik
  rules:
    - host: 2048.apps.blah.cloud
      http:
        paths:
          - backend:
              service:
                name: game-2048
                port:
                  number: 80
            path: /
            # ImplementationSpecific leaves path matching to the ingress
            # controller; Prefix or Exact make the match explicit.
            pathType: ImplementationSpecific
  tls:
    - hosts:
        - 2048.apps.blah.cloud
      secretName: 2048-cert
--------------------------------------------------------------------------------
/manifests/2048/service.yaml:
--------------------------------------------------------------------------------
# ClusterIP Service in front of the pods labelled app="2048"; port 80 forwards
# to container port 80. It is reachable from outside the cluster only through
# the Ingress above.
apiVersion: v1
kind: Service
metadata:
  name: game-2048
  namespace: "2048-game"
spec:
  type: ClusterIP
  selector:
    app: "2048"
  ports:
    - port: 80
      targetPort: 80
      name: web
--------------------------------------------------------------------------------
/manifests/argocd-notifications/Chart.yaml:
--------------------------------------------------------------------------------
# Wrapper chart whose only content is a dependency on the upstream
# argocd-notifications chart, pinned to version 1.8.1 from the argo-helm
# repository. The Application that would deploy it sits under
# apps/ci/disabled/ on this page.
apiVersion: v2
name: argocd-notifications
version: 0.0.1
dependencies:
  - name: argocd-notifications
    version: 1.8.1
    repository: https://argoproj.github.io/argo-helm
--------------------------------------------------------------------------------
/manifests/argocd-notifications/README.md:
--------------------------------------------------------------------------------
# Building argocd-notifications for ARM64

## Build binaries

```sh
git clone git@github.com:argoproj-labs/argocd-notifications.git
cd argocd-notifications/
# Check out the release branch
git checkout origin/release-1.0
# Edit the Dockerfile to remove the hard-coded GOARCH=arm64, so the image builds for whichever platform buildx is emulating
# (`sed -i ''` is the BSD/macOS form; GNU sed takes -i with no argument)
sed -i '' 's/GOARCH=arm64 //g' Dockerfile
```

## Build containers with buildx (locally) and push

```sh
# Specify container image repo
export IMAGEREPO=mylesagray
# Reset the QEMU binfmt handlers on the host before the first run (sometimes fixes weird bugs)
# This container runs privileged and the image has no tag, so it is whatever "latest" is at pull time; pin a version tag or digest
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# Create buildx cross-builder based on QEMU
# Without --use (as in the K8s sections below) the new builder is not selected, and the next commands run against the current builder
docker buildx create --name builder
# Initialise buildx
docker buildx inspect --bootstrap
# Build the cross-platform container with the builder and push to repo
docker buildx build --platform linux/amd64,linux/arm64,linux/arm -t $IMAGEREPO/argocd-notifications:$(cat VERSION) --push .
```

### References

*

## (Optional) Build containers with buildx through K8s with emulation (slow, broadly usable)

```sh
# Specify container image repo
export IMAGEREPO=mylesagray
# Create K8s ns
kubectl create ns buildkit-emu
kubectl create ns qemu-binfmt
# Install the QEMU binfmt handlers on all nodes using a DaemonSet
kubectl apply -f manifests/qemu-binfmt/
# Initialise buildx on K8s cluster (uses current context in ~/.kube/config)
# moby/buildkit:master is a moving tag; pin a release tag or digest for reproducible builders
docker buildx create --use --name=buildkit-emu --platform=linux/amd64,linux/arm64,linux/arm --driver=kubernetes --driver-opt="namespace=buildkit-emu,replicas=3,image=moby/buildkit:master"
# Create buildx pods on K8s cluster
docker buildx inspect --bootstrap
# Run the build
docker buildx build --platform linux/amd64,linux/arm64,linux/arm -t $IMAGEREPO/argocd-notifications:$(cat VERSION) --push .
```

### References

*
*
*
*
*
*
*
*
*

## (Optional) Build containers with buildx through K8s on multi-arch cluster (fast, requires arch-specific nodes)

```sh
# Specify container image repo
export IMAGEREPO=mylesagray
# Create K8s ns
kubectl create ns buildkit
# Initialise buildx on K8s cluster (uses current context in ~/.kube/config)
docker buildx create --use --name=buildkit --platform=linux/amd64 --node=buildkit-amd64 --driver=kubernetes --driver-opt="namespace=buildkit,nodeselector=kubernetes.io/arch=amd64,replicas=3"
# Add ARM64 build support (these nodes can also build ARM v7 and ARM v8)
docker buildx create --append --name=buildkit --platform=linux/arm64 --node=buildkit-arm64 --driver=kubernetes --driver-opt="namespace=buildkit,nodeselector=kubernetes.io/arch=arm64,replicas=3"
# Create buildx pods on K8s cluster
docker buildx inspect --bootstrap
# Run the build (note: this only builds for arm* in this example as I only have
arm64 nodes) 77 | docker buildx build --platform linux/arm64,linux/arm -t $IMAGEREPO/argocd-notifications:$(cat VERSION) --push . 78 | ``` 79 | 80 | ### References 81 | 82 | * 83 | * 84 | * 85 | * 86 | -------------------------------------------------------------------------------- /manifests/argocd-projects/ci.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: ci 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "0" 8 | notifications.argoproj.io/subscribe.on-sync-succeeded.slack: kubernetes 9 | finalizers: 10 | - resources-finalizer.argocd.argoproj.io 11 | spec: 12 | description: CI/CD Components 13 | sourceRepos: # NOTE(review): '*' accepts any source repository; list the repos this project deploys from 14 | - '*' 15 | clusterResourceWhitelist: # NOTE(review): '*'/'*' allows every cluster-scoped kind, RBAC and CRDs included 16 | - group: '*' 17 | kind: '*' 18 | destinations: # NOTE(review): any namespace on any cluster registered with Argo CD; with all three wildcarded the project restricts nothing 19 | - namespace: '*' 20 | server: '*' -------------------------------------------------------------------------------- /manifests/argocd-projects/docker-buildkit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: docker-buildkit 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "3" 8 | notifications.argoproj.io/subscribe.on-sync-succeeded.slack: kubernetes 9 | finalizers: 10 | - resources-finalizer.argocd.argoproj.io 11 | spec: 12 | description: Docker BuildKit for K8s 13 | sourceRepos: # NOTE(review): same unrestricted '*' source, cluster-resource and destination scope as the ci project above 14 | - '*' 15 | clusterResourceWhitelist: 16 | - group: '*' 17 | kind: '*' 18 | destinations: 19 | - namespace: '*' 20 | server: '*' -------------------------------------------------------------------------------- /manifests/argocd-projects/infra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: infra 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "2" 8 |
notifications.argoproj.io/subscribe.on-sync-succeeded.slack: kubernetes 9 | finalizers: 10 | - resources-finalizer.argocd.argoproj.io 11 | spec: 12 | description: Infrastructure Applications 13 | sourceRepos: # NOTE(review): '*' accepts any source repository; list the repos this project deploys from 14 | - '*' 15 | clusterResourceWhitelist: # NOTE(review): '*'/'*' allows every cluster-scoped kind, RBAC and CRDs included 16 | - group: '*' 17 | kind: '*' 18 | destinations: # NOTE(review): any namespace on any cluster registered with Argo CD 19 | - namespace: '*' 20 | server: '*' -------------------------------------------------------------------------------- /manifests/argocd-projects/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: secrets 5 | namespace: argocd 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "1" 8 | notifications.argoproj.io/subscribe.on-sync-succeeded.slack: kubernetes 9 | finalizers: 10 | - resources-finalizer.argocd.argoproj.io 11 | spec: 12 | description: Secret Management 13 | sourceRepos: # NOTE(review): same unrestricted '*' source, cluster-resource and destination scope as the infra project above; with all three wildcarded the project restricts nothing 14 | - '*' 15 | clusterResourceWhitelist: 16 | - group: '*' 17 | kind: '*' 18 | destinations: 19 | - namespace: '*' 20 | server: '*' -------------------------------------------------------------------------------- /manifests/argocd-workflows/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: argo-workflows 3 | version: 0.0.1 4 | dependencies: 5 | - name: argo-workflows 6 | version: 0.45.16 7 | repository: https://argoproj.github.io/argo-helm -------------------------------------------------------------------------------- /manifests/argocd-workflows/templates/argo-workflows-minio-sealed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: argo-workflows-minio 6 | namespace: argocd 7 | spec: 8 | encryptedData: 9 | accesskey: 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 10 | secretkey: 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 11 |
template: 12 | data: null 13 | metadata: 14 | creationTimestamp: null 15 | labels: 16 | app: minio 17 | argocd.argoproj.io/instance: argocd-workflows 18 | name: argo-workflows-minio 19 | namespace: argocd 20 | type: Opaque 21 | 22 | -------------------------------------------------------------------------------- /manifests/argocd-workflows/templates/argo-workflows-sso-sealed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: argo-workflows-sso 6 | namespace: argocd 7 | spec: 8 | encryptedData: 9 | client-id: 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 10 | client-secret: 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 11 | template: 12 | data: null 13 | metadata: 14 | creationTimestamp: null 15 | name: argo-workflows-sso 16 | namespace: argocd 17 | type: Opaque 18 | 19 | -------------------------------------------------------------------------------- /manifests/argocd-workflows/values.yaml: -------------------------------------------------------------------------------- 1 | argo-workflows: 2 | workflow: 3 | serviceAccount: 4 | create: true 5 | rbac: 6 | create: true 7 | controller: 8 | metricsConfig: 9 | enabled: true 10 | telemetryConfig: 11 | enabled: true 12 | serviceMonitor: 13 | enabled: true 14 | server: 15 | ingress: 16 | enabled: true 17 | hosts: 18 | - argo-workflows.apps.blah.cloud 19 | ingressClassName: "traefik" 20 | annotations: 21 | kubernetes.io/ingress.class: traefik 22 | cert-manager.io/cluster-issuer: letsencrypt-live 23 | tls: 24 | - secretName: argo-workflows-cert 25 | hosts: 26 | - argo-workflows.apps.blah.cloud 27 | extraArgs: 28 | - --auth-mode=sso 29 | sso: 30 | issuer: https://argocd.apps.blah.cloud/api/dex 31 | clientId: 32 | name: argo-workflows-sso 33 | key: client-id 34 | clientSecret: 35 | name: argo-workflows-sso 36 | key: client-secret 37 | redirectUrl: 
https://argo-workflows.apps.blah.cloud/oauth2/callback 38 | useDefaultArtifactRepo: true 39 | artifactRepository: 40 | archiveLogs: true 41 | s3: 42 | accessKeySecret: 43 | name: argo-workflows-minio 44 | secretKeySecret: 45 | name: argo-workflows-minio 46 | insecure: true # NOTE(review): turns off TLS towards the S3 endpoint, so artifacts and archived logs (archiveLogs: true) travel in clear text; set to false if s3.apps.blah.cloud serves HTTPS — confirm 47 | bucket: argo-workflows 48 | endpoint: s3.apps.blah.cloud -------------------------------------------------------------------------------- /manifests/argocd/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: argo-cd 3 | version: 0.0.1 4 | dependencies: 5 | - name: argo-cd 6 | version: 4.10.9 # NOTE(review): charts/ in this directory holds argo-cd-4.9.7.tgz, which does not match this pin; confirm which chart version is actually rendered 7 | repository: https://argoproj.github.io/argo-helm -------------------------------------------------------------------------------- /manifests/argocd/charts/argo-cd-4.9.7.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mylesagray/home-cluster-gitops/180e98930417ca56f48a36c0fa18b46e2448c9b7/manifests/argocd/charts/argo-cd-4.9.7.tgz -------------------------------------------------------------------------------- /manifests/argocd/templates/argocd-github-sealed-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: github-secret 6 | namespace: argocd 7 | spec: 8 | encryptedData: 9 | password: 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 10 | username:
AgAz+GNqCjwNY+obbhDwY+KjbuCbklUOBKxCjVZOFonrQ8rbtXL117z3YQYNXVB78VoTWgZpvZIjfn2M+ie+d+l11ONqwM/0zQqMYDzH2n+lZaxOA7GClQe+1mRu4qzkuQDH/MCfWGyujeL/QxfcHwgVYIHPFOhEpFUCH4y+pX9na2B/fOLl+AqLbo7esPdm1KcPj6dTlY99faxWZgo+JzX38aOz+zeQS3cm6nKcCdyumFlXzaXKmlgzPSYFv0Aiq5sHcGfoescuZJFc4xtXH0/lil+TR31vdLhSTgLEHFOtzTPjvgA+2dtqR9+r0T3Ze8rSZnBkChQX3i7UzZA+Yry+biKHFVrFt8r3MOCORcZcAa3OJjgbMj8oAIdXahLEV6FpBlTUVbG6ywu7a86QmH4grpBeHiY9QCgwplqpCV464j7xuHfom9CS9DZgXMvcNClYkCo5jYP0Rzl3ZxrmlDi2ltu7RELRBDbIQmWRosXEmIxov6dPkKqkxXqjM4VgB7Mc68szFPwex4NH5AdqGPW+GK8FGJ5VIeIvJdLyHgvQAlV2MuSKLbPvikQL9ZpVpmsDTmTrzO/eKSg+4ZOWktkBZU7p7NE7ZOT58KQDx/YwxoRJoM59migQXVolQexgy4yGOWQfpLIRnZ1wcTTLWm828u0ziv5O24/C/lSIKLaX8TvVRYJ3QtcrElKVJy3eXx0RKbbqsU1CdeR2 11 | template: 12 | data: null 13 | metadata: 14 | creationTimestamp: null 15 | name: github-secret 16 | namespace: argocd 17 | type: Opaque 18 | 19 | -------------------------------------------------------------------------------- /manifests/argocd/templates/argocd-notifications-secret-sealed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: argocd-notifications-secret 6 | namespace: argocd 7 | spec: 8 | encryptedData: 9 | grafana-apiKey: 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 10 | grafana-apiUrl: 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 11 | slack-signing-secret: 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 12 | slack-token: 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 13 | template: 14 | data: null 15 | metadata: 16 | creationTimestamp: null 17 | name: argocd-notifications-secret 18 | namespace: argocd 19 | type: Opaque 20 | 21 | -------------------------------------------------------------------------------- /manifests/argocd/templates/argocd-rak8s-sealed-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: rak8s-secret 6 | namespace: argocd 7 | spec: 8 | encryptedData: 9 | config: 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 10 | name: AgBRK9JRtJ1NChDWkOkWTMmVNPqGZhtfe87LHaWR2Ry7u93arKffEf1BIcI+O/JdWbODp1mLmKdZkIo9TErLaA08jYUi6Kqae3dIlID6fkLRj+2wWqim6GqWx4II+Rx8q/ceR3Ta/o+zomV5Gopkj8nmSd1if85WC6DLfBgZ35KflWyiSFbMVKicHmPuNxbNoPMvA4QRYi6V0Nk4g0LoWc0mkfoc1oDwBSxovIuYoEvnJO2RMPmm1s2ZO/liV0yxyYIRcNHFAcMGa0DPsH6oTX8nNP15+HkQqcO4T5ZNrdN55WLBUlQ9D096+g8ve2jrUTiFCn9ptABtuvglX/lLB9eOXQjAXZrC4jpdX8jN9iJ3dJtc1E40lMVz81WJ9uBjKS1nskjpai/50hY6TbNc7gwWe1M7fJR3FWm4L/03ziTFuAFU0rMYx26U2DFYRAbvlwpTcGydVSBIt0F8kZ8Jy1nrBOcU7bhzLF2uqsJpFv/gsC2Kk6OX+nVC/um4Mm04egK9RS9d8g4S8LMAYPYWlUf9bIOSpGggvm8/StXC2l9RdChmSznYrdaq133yJRmYPv54KwNcrDdqlxAj9ihfqPH0kHAsRDpUMFjLVusPAQUTvQCdVTGIumf/aegeYHt0WfTYwLZW5v1IerXQ9ZKZdrqBqAurbPJjV1vL1XFFewWBakPPOhHXpUp8zcRg8BE8j3Owquy90g== 11 | server: 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 12 | template: 13 | data: null 14 | metadata: 15 | creationTimestamp: null 16 | labels: 17 | argocd.argoproj.io/secret-type: cluster 18 | name: rak8s-secret 19 | namespace: argocd 20 | type: Opaque 21 | 22 | -------------------------------------------------------------------------------- /manifests/argocd/templates/argocd-sealed-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: argocd-secret 6 | namespace: argocd 7 | spec: 8 | encryptedData: 9 | dex.github.clientId: 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 10 | dex.github.clientSecret: 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 11 | server.secretkey: 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 12 | template: 13 | data: null 14 | metadata: 15 | creationTimestamp: null 16 | name: argocd-secret 17 | namespace: argocd 18 | type: 
Opaque 19 | 20 | -------------------------------------------------------------------------------- /manifests/cert-manager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cert-manager 3 | version: 0.0.1 4 | dependencies: 5 | - name: cert-manager 6 | version: v1.17.2 7 | repository: https://charts.jetstack.io -------------------------------------------------------------------------------- /manifests/cert-manager/templates/cloudflare-api-token-sealed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: cloudflare-api-token 6 | namespace: cert-manager 7 | spec: 8 | encryptedData: 9 | api-token: AgBfymB57ufxsvEPRugFu4AtS3vfn4w1SVkovqYAcVe9yksoRn5G5tBCax2UNBbcJumEe5qyAy0jK1Wvs9eUeqiVZmyOOUI2TgB0dCygCdwFyEDWG/qBGMvA4aLLi9g2bcfla4NBnhDDkQbSkh8Xi3gaCqFRGecruvDkFdwSEMWo/0fXDPCsPuKTaowb2AWVRY3tT+aMOqI2eIEQQF7Z8m4wbuhFxfbmSW4hpgxfehi9TQh5+ZiCFkqNRUe9IAT6QyZI+iq1+hf03vbNZ+T6q0rVpQNdfLgyi/uLPQ+/m+Zh9GRzKA17FnLIArcCzWjJhJMTq0bhf5CxJWM2MaejgHnxtLI8TE1McuukYuLg45VNdTOm20jyPYL78bPMZIL4nU3MJ8Mj5nqr6SziXyqgr8zaeCiP1+ZWfFBq8Lyq03xyh5ue7sijPfH3375WoR6XvMNpvA3fCBzLCPTwi+qobGj+0ZJOF4Ol1IMGyIvqCFi1StRJEx1ltzsm6xCI8S730F2Nau3Zxuv2/ila8RBGsNfCA2M0gLLT1jrpx/HTIDuvl3i+IoD5PA4gZVztqOWdtS/TLiVibpfFvsSxiRYow2fBA9Je8R6hbXdJlXotYQfqDfWwpG2u8AYONNzbtRUED4LBAKxGeMRa8mdniN4dd9uh+PY7j8xMstMFog1aCXFLIwcnIEvgy2Wx5pgPNzBF50jIJ/KgfGRNgJMcHqZUEUJ9/FxwRnzSqFbviM8HBzXQChCGhCLjKU0x 10 | template: 11 | data: null 12 | metadata: 13 | creationTimestamp: null 14 | name: cloudflare-api-token 15 | namespace: cert-manager 16 | type: Opaque 17 | 18 | -------------------------------------------------------------------------------- /manifests/cert-manager/templates/le-live.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: 
ClusterIssuer 3 | metadata: 4 | name: letsencrypt-live 5 | spec: 6 | acme: 7 | email: mg@mylesgray.com 8 | server: https://acme-v02.api.letsencrypt.org/directory 9 | preferredChain: "ISRG Root X1" 10 | privateKeySecretRef: 11 | name: issuer-account-key 12 | solvers: 13 | - dns01: 14 | cloudflare: 15 | email: mg@mylesgray.com 16 | apiTokenSecretRef: 17 | name: cloudflare-api-token 18 | key: api-token -------------------------------------------------------------------------------- /manifests/cert-manager/templates/le-staging.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: letsencrypt-staging 5 | spec: 6 | acme: 7 | email: mg@mylesgray.com 8 | server: https://acme-staging-v02.api.letsencrypt.org/directory 9 | privateKeySecretRef: 10 | name: issuer-account-key 11 | solvers: 12 | - dns01: 13 | cloudflare: 14 | email: mg@mylesgray.com 15 | apiTokenSecretRef: 16 | name: cloudflare-api-token 17 | key: api-token -------------------------------------------------------------------------------- /manifests/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | cert-manager: 2 | namespace: cert-manager 3 | installCRDs: true 4 | prometheus: 5 | enabled: true 6 | servicemonitor: 7 | enabled: true 8 | interval: 30s 9 | extraArgs: 10 | - --dns01-recursive-nameservers-only 11 | - --dns01-recursive-nameservers=abby.ns.cloudflare.com:53,sid.ns.cloudflare.com:53 -------------------------------------------------------------------------------- /manifests/cheese/deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Deployment 3 | apiVersion: apps/v1 4 | metadata: 5 | name: stilton 6 | labels: 7 | app: cheese 8 | cheese: stilton 9 | spec: 10 | replicas: 2 11 | selector: 12 | matchLabels: 13 | app: cheese 14 | task: stilton 15 | template: 16 | metadata: 17 
| labels: 18 | app: cheese 19 | task: stilton 20 | version: v0.0.1 21 | spec: 22 | containers: 23 | - name: cheese 24 | image: mylesagray/cheese:stilton 25 | ports: 26 | - containerPort: 80 27 | --- 28 | kind: Deployment 29 | apiVersion: apps/v1 30 | metadata: 31 | name: cheddar 32 | labels: 33 | app: cheese 34 | cheese: cheddar 35 | spec: 36 | replicas: 2 37 | selector: 38 | matchLabels: 39 | app: cheese 40 | task: cheddar 41 | template: 42 | metadata: 43 | labels: 44 | app: cheese 45 | task: cheddar 46 | version: v0.0.1 47 | spec: 48 | containers: 49 | - name: cheese 50 | image: mylesagray/cheese:cheddar 51 | ports: 52 | - containerPort: 80 53 | --- 54 | kind: Deployment 55 | apiVersion: apps/v1 56 | metadata: 57 | name: wensleydale 58 | labels: 59 | app: cheese 60 | cheese: wensleydale 61 | spec: 62 | replicas: 2 63 | selector: 64 | matchLabels: 65 | app: cheese 66 | task: wensleydale 67 | template: 68 | metadata: 69 | labels: 70 | app: cheese 71 | task: wensleydale 72 | version: v0.0.1 73 | spec: 74 | containers: 75 | - name: cheese 76 | image: mylesagray/cheese:wensleydale 77 | ports: 78 | - containerPort: 80 -------------------------------------------------------------------------------- /manifests/cheese/ingress-host.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: cheese 5 | annotations: 6 | kubernetes.io/ingress.class: traefik 7 | cert-manager.io/cluster-issuer: letsencrypt-live 8 | spec: 9 | rules: 10 | - host: stilton.cheese.apps.blah.cloud 11 | http: 12 | paths: 13 | - path: / 14 | backend: 15 | service: 16 | name: stilton 17 | port: 18 | name: http 19 | pathType: ImplementationSpecific 20 | - host: cheddar.cheese.apps.blah.cloud 21 | http: 22 | paths: 23 | - path: / 24 | backend: 25 | service: 26 | name: cheddar 27 | port: 28 | name: http 29 | pathType: ImplementationSpecific 30 | - host: wensleydale.cheese.apps.blah.cloud 31 | http: 32 
| paths: 33 | - path: / 34 | backend: 35 | service: 36 | name: wensleydale 37 | port: 38 | name: http 39 | pathType: ImplementationSpecific 40 | tls: 41 | - secretName: cheese-host-cert 42 | hosts: 43 | - stilton.cheese.apps.blah.cloud 44 | - cheddar.cheese.apps.blah.cloud 45 | - wensleydale.cheese.apps.blah.cloud -------------------------------------------------------------------------------- /manifests/cheese/ingress-path.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: cheeses 5 | annotations: 6 | kubernetes.io/ingress.class: traefik 7 | cert-manager.io/cluster-issuer: letsencrypt-live 8 | traefik.frontend.rule.type: PathPrefixStrip 9 | spec: 10 | rules: 11 | - host: cheese.apps.blah.cloud 12 | http: 13 | paths: 14 | - path: /stilton 15 | backend: 16 | service: 17 | name: stilton 18 | port: 19 | name: http 20 | pathType: ImplementationSpecific 21 | - path: /cheddar 22 | backend: 23 | service: 24 | name: cheddar 25 | port: 26 | name: http 27 | pathType: ImplementationSpecific 28 | - path: /wensleydale 29 | backend: 30 | service: 31 | name: wensleydale 32 | port: 33 | name: http 34 | pathType: ImplementationSpecific 35 | tls: 36 | - secretName: cheese-path-cert 37 | hosts: 38 | - cheese.apps.blah.cloud -------------------------------------------------------------------------------- /manifests/cheese/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: cheese -------------------------------------------------------------------------------- /manifests/cheese/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: stilton 6 | spec: 7 | ports: 8 | - name: http 9 | targetPort: 80 10 | port: 80 11 | selector: 12 | app: cheese 13 | task: stilton 
14 | --- 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: cheddar 19 | spec: 20 | ports: 21 | - name: http 22 | targetPort: 80 23 | port: 80 24 | selector: 25 | app: cheese 26 | task: cheddar 27 | --- 28 | apiVersion: v1 29 | kind: Service 30 | metadata: 31 | name: wensleydale 32 | annotations: 33 | traefik.backend.circuitbreaker: "NetworkErrorRatio() > 0.5" 34 | spec: 35 | ports: 36 | - name: http 37 | targetPort: 80 38 | port: 80 39 | selector: 40 | app: cheese 41 | task: wensleydale -------------------------------------------------------------------------------- /manifests/elasticsearch/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: elasticsearch 3 | version: 0.0.1 4 | dependencies: 5 | - name: elasticsearch 6 | version: 7.17.3 7 | repository: https://helm.elastic.co -------------------------------------------------------------------------------- /manifests/elasticsearch/values.yaml: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | ingress: 3 | enabled: true # NOTE(review): publishes the Elasticsearch HTTP API at es.apps.blah.cloud; no authentication settings are visible in this values file — confirm access is restricted 4 | hosts: 5 | - host: es.apps.blah.cloud 6 | paths: 7 | - path: / 8 | annotations: 9 | kubernetes.io/ingress.class: traefik 10 | cert-manager.io/cluster-issuer: letsencrypt-live 11 | tls: 12 | - secretName: elasticsearch-cert 13 | hosts: 14 | - es.apps.blah.cloud 15 | # resources: 16 | # requests: 17 | # cpu: null 18 | # memory: null 19 | # limits: 20 | # cpu: null 21 | # memory: null 22 | # esJavaOpts: "-Xmx1g -Xms1g" 23 | extraInitContainers: 24 | - name: file-permissions 25 | image: busybox # NOTE(review): no tag or digest, so this resolves to busybox:latest at pull time; pin it 26 | command: ['chown', '-R', '1000:1000', '/usr/share/elasticsearch/'] 27 | volumeMounts: 28 | - mountPath: /usr/share/elasticsearch/data 29 | name: elasticsearch-master 30 | securityContext: 31 | privileged: true # NOTE(review): far broader than a chown needs; root with the runtime's default capabilities normally suffices, so try dropping privileged (or use a pod fsGroup) — TODO confirm on this storage backend 32 | runAsUser: 0 -------------------------------------------------------------------------------- /manifests/external-dns/Chart.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: external-dns 3 | version: 0.0.1 4 | dependencies: 5 | - name: external-dns 6 | version: 6.38.0 7 | repository: https://charts.bitnami.com/bitnami 8 | -------------------------------------------------------------------------------- /manifests/external-dns/templates/external-dns-secret-sealed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: external-dns-tsig-key 6 | namespace: infra 7 | spec: 8 | encryptedData: 9 | rfc2136_kerberos_password: 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 10 | rfc2136_kerberos_username: 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 11 | rfc2136_tsig_secret: AgBHOqNIqcRLm/FsGz6DckxUq40seCtyEg2fGfdv+/c9Sfo7ZenU9loLIkITP9ZGjybJrHNCAd/Dn008aFqxln0RhTWjLaeCPDBEVbPW4OfejXqVjkacdSf+uCdRDLPMDHmVf19f8VmOFL0etpUI8e6PFEoCfg2jfh+0KZRuqXCv19IrCh8TRb9VhCjQ49yLd7CkbvN5I49RHOEWBOWyZGYXT7RXTCkTvPd+pncEo1YdppiBKVAtCVPOpgHpBdc4NeLHBT0v1tOuNNNWD2DmFxnY+Fg2rTFggAnj8rmn0Uq9Od/TsjPCgRag8jH02I+KVRkLmK9fup7GqrlZl10WugIvEMyuz2K2GPAK+94WbYygP0US9xqjTSuaYeeOlXDmmJc8Iym0wp/LHg1Fxs/l+G0UPcpImLI5/03hfoP5hrkqVfFhjxhdzoIESLLNhFguH3lFCx70W1qcBe56NPw3n/5WpnSHXZQPdd5NYh5F/gYrtW7Ftj59A74LXy/5/5KuTP+5Qv1xUjv6q+7zBZqAwbmkkdocyXQL5imMq/xkzQ3DPyH+12QpRMd96bJgan1dEKkzJq8+a4wziB46Geed43OLbyZiaADNmT5kAGI1XFKvv73+oafDmfMBP74A4k4mQVm8ypyhEwjhX0cES4g4pCzdu9U00xIwOkfClQDg4q/IEIMoDZRLDhVobWxkfE9JolujGlS7Cx+UpD1nbwM2TyWm7HhZAp82YcLuxX5/GYRZTW5PE8AspTh3RqNDXkzG9OAU/4WVIJqsDBgmoXlwC6rzVBCPH/DpzOMdAzcwcqXXgr42SnuXgHfV 12 | template: 13 | data: null 14 | metadata: 15 | creationTimestamp: null 16 | name: external-dns-tsig-key 17 | namespace: infra 18 | type: Opaque 19 | 20 | -------------------------------------------------------------------------------- /manifests/external-dns/values.yaml: 
-------------------------------------------------------------------------------- 1 | external-dns: 2 | rbac: 3 | create: true 4 | crd: 5 | create: true 6 | metrics: 7 | enabled: true 8 | image: 9 | registry: k8s.gcr.io # NOTE(review): k8s.gcr.io is the legacy registry, frozen in favour of registry.k8s.io; confirm this tag can still be pulled from here 10 | repository: external-dns/external-dns 11 | tag: v0.17.0 12 | provider: rfc2136 13 | rfc2136: 14 | host: "192.168.1.20" 15 | port: 53 16 | zone: "apps.blah.cloud" 17 | secretName: external-dns-tsig-key 18 | tsigSecretAlg: hmac-sha512 19 | tsigKeyname: external-dns-rak8s 20 | tsigAxfr: true 21 | txtOwnerId: rak8s 22 | logLevel: info 23 | logFormat: json 24 | policy: sync # NOTE(review): sync also deletes records external-dns considers stale; upsert-only avoids deletions if that is not intended 25 | annotationFilter: "external-dns.alpha.kubernetes.io/exclude notin (true)" -------------------------------------------------------------------------------- /manifests/fluent-bit/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: fluent-bit 3 | version: 0.0.1 4 | dependencies: 5 | - name: fluent-bit 6 | version: 0.49.1 7 | repository: https://fluent.github.io/helm-charts -------------------------------------------------------------------------------- /manifests/fluent-bit/fluent-bit-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | k8s-app: fluent-bit 6 | name: fluent-bit-config 7 | namespace: logging 8 | data: 9 | filter-kubernetes.conf: | 10 | [FILTER] 11 | Name kubernetes 12 | Match kube.* 13 | Kube_URL https://kubernetes.default.svc:443 14 | Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 15 | Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token 16 | Kube_Tag_Prefix kube.var.log.containers. 
17 | Merge_Log On 18 | Merge_Log_Key log_processed 19 | K8S-Logging.Parser On 20 | K8S-Logging.Exclude Off 21 | fluent-bit.conf: | 22 | [SERVICE] 23 | Flush 1 24 | Log_Level info 25 | Daemon off 26 | Parsers_File parsers.conf 27 | HTTP_Server On 28 | HTTP_Listen 0.0.0.0 29 | HTTP_Port 2020 30 | 31 | @INCLUDE input-kubernetes.conf 32 | @INCLUDE filter-kubernetes.conf 33 | @INCLUDE output-forward.conf 34 | @INCLUDE output-elasticsearch.conf 35 | input-kubernetes.conf: | 36 | [INPUT] 37 | Name tail 38 | Tag kube.* 39 | Path /var/log/containers/*.log 40 | Parser docker 41 | DB /var/log/flb_kube.db 42 | Mem_Buf_Limit 5MB 43 | Skip_Long_Lines On 44 | Refresh_Interval 10 45 | output-forward.conf: | 46 | [OUTPUT] 47 | Name forward 48 | Match * 49 | Host fluentd.belfast.blah.cloud 50 | Port 24224 51 | output-elasticsearch.conf: | 52 | [OUTPUT] 53 | Name es 54 | Match * 55 | Host es.belfast.blah.cloud 56 | Port 9200 57 | Index fluentbit 58 | Type k8s 59 | parsers.conf: | 60 | [PARSER] 61 | Name apache 62 | Format regex 63 | Regex ^(?[^ ]*) [^ ]* (?[^ ]*) \[(?