Bootstrap Argo CD

To deploy Argo CD to an empty cluster, or to upgrade an existing installation:

Argo CD values

applicationSet:
  replicas: 2

configs:
  cm:
    admin.enabled: false  # local admin account disabled; login goes through OIDC
    oidc.config: |
      name: GitHub
      issuer: https://dex.staging.polandball.wiki
      clientID: argocd
      clientSecret: 11ce7741001b58d2f3b5988801f8958c
      requestedScopes: ["openid", "profile", "email", "groups"]
    oidc.tls.insecure.skip.verify: true  # skips TLS certificate verification towards the OIDC issuer
    url: https://argocd.staging.polandball.wiki
  params:
    server.insecure: true  # argocd-server runs without TLS; TLS is expected to terminate upstream
  rbac:
    policy.csv: |
      p, role:dev, applications, get, */*, allow
      p, role:dev, applications, sync, */*, allow
      p, role:dev, applications, create, */*, allow
      p, role:dev, applications, delete, */*, allow
      p, role:dev, projects, get, */*, allow
      p, role:dev, clusters, get, *, allow
      p, role:dev, repositories, get, *, allow
      p, role:dev, exec, create, */*, allow
      p, role:dev, exec, delete, */*, allow
      p, role:dev, logs, get, */*, allow

      p, role:infra, applications, get, */*, allow
      p, role:infra, applications, sync, */*, allow
      p, role:infra, applications, create, */*, allow
      p, role:infra, applications, delete, */*, allow
      p, role:infra, projects, get, */*, allow
      p, role:infra, projects, create, */*, allow
      p, role:infra, projects, delete, */*, allow
      p, role:infra, clusters, get, *, allow
      p, role:infra, clusters, create, *, allow
      p, role:infra, clusters, update, *, allow
      p, role:infra, clusters, delete, *, allow
      p, role:infra, repositories, get, *, allow
      p, role:infra, repositories, create, *, allow
      p, role:infra, repositories, update, *, allow
      p, role:infra, repositories, delete, *, allow
      p, role:infra, exec, create, */*, allow
      p, role:infra, exec, delete, */*, allow
      p, role:infra, logs, get, */*, allow
      p, role:infra, rbacpolicy, get, *, allow
      p, role:infra, rbacpolicy, create, *, allow
      p, role:infra, rbacpolicy, update, *, allow
      p, role:infra, rbacpolicy, delete, *, allow
      p, role:infra, certificates, get, *, allow
      p, role:infra, certificates, create, *, allow
      p, role:infra, certificates, update, *, allow
      p, role:infra, certificates, delete, *, allow
      p, role:infra, gpgkeys, get, *, allow
      p, role:infra, gpgkeys, create, *, allow
      p, role:infra, gpgkeys, delete, *, allow

      g, PolandballWiki:devs, role:dev
      g, PolandballWiki:infra, role:infra

controller:
  replicas: 1

dex:
  enabled: false  # bundled Dex disabled; the external Dex below is used instead

global:
  domain: argocd.staging.polandball.wiki

redis-ha:
  enabled: true

repoServer:
  autoscaling:
    enabled: true
    minReplicas: 2

server:
  autoscaling:
    enabled: true
    minReplicas: 2
  extraArgs:
    - --dex-server=https://dex.staging.polandball.wiki
  ingress:
    enabled: true
    tls: true

Dex values

config:
  connectors:
    - config:
        # clientID / clientSecret issued by GitHub
        clientID: Ov23liD9fCg9hgSCDpv5
        clientSecret: d3ca2d2f0e4b6b0d27c3daa8d6e6ca6782d01ad6
        orgs:
          - name: PolandballWiki
            teams:
              - devs
              - infra
        redirectURI: https://dex.staging.polandball.wiki/callback
      id: github
      name: GitHub
      type: github
  issuer: https://dex.staging.polandball.wiki
  oauth2:
    skipApprovalScreen: true
  staticClients:
    - id: argocd
      name: ArgoCD
      redirectURIs:
        - https://argocd.staging.polandball.wiki/auth/callback
      # must match clientSecret in Argo CD's oidc.config
      secret: 11ce7741001b58d2f3b5988801f8958c
  storage:
    config:
      inCluster: true
    type: kubernetes
ingress:
  enabled: true
  hosts:
    - host: dex.staging.polandball.wiki
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - dex.staging.polandball.wiki
      secretName: dex-tls-secret
  • The clientID and clientSecret under connectors in the Dex values are the ones from GitHub.
  • The clientSecret in Argo CD's oidc.config must match staticClients.secret in the Dex config.
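
The matching rule above can be checked before running Helm. This is an added example, not part of the original page or of either chart: it parses both values files with Ruby's standard YAML library and, going slightly beyond the rule stated above, also compares the issuer and the callback URL that the page's values keep aligned. The function name oidc_mismatches and the placeholder secret are assumptions.

```ruby
require 'yaml'

# Constructed sample values: hostnames as on this page, the secret is a placeholder.
ARGO_VALUES = <<~YAML
  configs:
    cm:
      url: https://argocd.staging.polandball.wiki
      oidc.config: |
        name: GitHub
        issuer: https://dex.staging.polandball.wiki
        clientID: argocd
        clientSecret: PLACEHOLDER-SHARED-SECRET
YAML

DEX_VALUES = <<~YAML
  config:
    issuer: https://dex.staging.polandball.wiki
    staticClients:
      - id: argocd
        redirectURIs:
          - https://argocd.staging.polandball.wiki/auth/callback
        secret: PLACEHOLDER-SHARED-SECRET
YAML

# Returns a list of mismatches between the Argo CD and Dex values; empty means consistent.
def oidc_mismatches(argo_yaml, dex_yaml)
  cm   = (YAML.safe_load(argo_yaml) || {}).dig('configs', 'cm') || {}
  oidc = YAML.safe_load(cm['oidc.config'].to_s) || {} # oidc.config is YAML embedded in a string
  dex  = (YAML.safe_load(dex_yaml) || {})['config'] || {}
  client = (dex['staticClients'] || []).find { |c| c['id'] == oidc['clientID'] }
  return ["no Dex staticClient with id #{oidc['clientID'].inspect}"] unless client

  problems = []
  problems << 'clientSecret != staticClients.secret' unless oidc['clientSecret'] == client['secret']
  problems << 'issuer differs between Argo CD and Dex' unless oidc['issuer'] == dex['issuer']
  callback = "#{cm['url']}/auth/callback"
  problems << "#{callback} not in redirectURIs" unless (client['redirectURIs'] || []).include?(callback)
  problems
end

if __FILE__ == $PROGRAM_NAME
  problems = oidc_mismatches(ARGO_VALUES, DEX_VALUES)
  puts problems.empty? ? 'OIDC values are consistent' : problems
end
```

To run it against the real files, pass File.read of each values file to oidc_mismatches instead of the constants.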

Add the repo to Helm (if this is the first time we use it)

helm repo add argo https://argoproj.github.io/argo-helm

Fresh installation

helm upgrade --install argocd argo/argo-cd --version 9.0.5 -n argocd --create-namespace -f values.yaml

Version upgrade

helm upgrade argocd argo/argo-cd --version 9.0.5 -n argocd --reuse-values

TODO: document the procedure better lol