2026-07-02 03:54:30 +00:00
applications Update Helm release cloudnative-pg to v0.29.0 2026-07-01 22:26:05 +02:00
argocd Init 2026-06-17 20:53:31 +02:00
bootstrap Init 2026-06-17 20:53:31 +02:00
manifests Update ghcr.io/mealie-recipes/mealie Docker tag to v3.20.1 2026-07-02 03:54:30 +00:00
README.md add ingress for argocd 2026-06-18 15:40:43 +02:00
renovate.json5 Change renovate branch prefix to deps/ 2026-07-01 22:25:28 +02:00

infra-kube

Kubernetes cluster config managed via ArgoCD (GitOps).

Structure

├── bootstrap/ # Root app-of-apps + AppProject (one-time setup)
├── applications/ # Per-service Application manifests (auto-discovered)
└── manifests/ # Actual K8s resources (referenced by Applications)

Bootstrap

# 1. Install ArgoCD onto the cluster
kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts \
 -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# 2. Bootstrap the app-of-apps (one-time setup)
kubectl apply -f bootstrap/default-project.yaml
kubectl apply -f bootstrap/root-app.yaml
# 3. Expose via port-forward (add Ingress later)
# Over SSH tunnel:
ssh -L 8080:localhost:8080 <host> -t kubectl port-forward svc/argocd-server -n argocd 8080:443
# 4. Get initial password and login
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
argocd login localhost:8080

Adding a service

Create an Application manifest in applications/ and commit.

Creating a SealedSecret

Generate a sealed Secret using the cluster's controller:

# Fetch the certificate
kubeseal --fetch-cert --controller-name=sealed-secrets \
 --controller-namespace=sealed-secrets > pubcert.pem
# Seal a secret from a JSON file
kubeseal --controller-name=sealed-secrets \
 --controller-namespace=sealed-secrets \
 -f <secret.json> -w manifests/<path>/<file>.yaml -o yaml
# Or seal from literal values
kubectl create secret generic <name> --namespace=<ns> \
 --from-literal=<key>=<value> --dry-run=client -o json | \
kubeseal --cert pubcert.pem --format yaml > manifests/<path>/<file>.yaml

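Commit the resulting YAML. ArgoCD will sync it automatically. Only the sealed output belongs in the repository: keep <secret.json> and any other plaintext Secret out of Git.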
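A guard for the commit step above, as an added example that is not part of this repository: it lists files that still hold a plaintext Secret instead of kubeseal output. The function name `find_plain_secrets` and its use as a pre-commit check are assumptions; the default directory follows the manifests/ layout described under Structure.

```shell
#!/bin/sh
# Added example (not part of the repository): flag plaintext Kubernetes
# Secrets before they are committed next to SealedSecret manifests.
# find_plain_secrets is a hypothetical helper name.

# Prints every *.yaml, *.yml or *.json file under DIR (default: manifests)
# that declares a plaintext Secret. Returns 1 if any file is found, else 0.
find_plain_secrets() {
  dir="${1:-manifests}"
  # First alternative: an unindented YAML "kind: Secret" line. kubeseal
  # output declares "kind: SealedSecret", which this does not match.
  # Second alternative: JSON as written by `kubectl create secret -o json`.
  pattern='^kind:[[:space:]]*"?Secret"?[[:space:]]*$|"kind"[[:space:]]*:[[:space:]]*"Secret"'
  hits=$(find "$dir" -type f \
      \( -name '*.yaml' -o -name '*.yml' -o -name '*.json' \) \
      -exec grep -lE -e "$pattern" {} + 2>/dev/null | sort || true)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# When run as a script with a directory argument, scan it and exit
# non-zero on any hit, which makes it usable from a pre-commit hook.
if [ "$#" -gt 0 ]; then
  find_plain_secrets "$1"
fi
```

The check only sees unindented `kind:` lines, so a Secret nested inside a `kind: List` document is not detected.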