# infra-kube

Kubernetes cluster config managed via ArgoCD (GitOps).

## Structure

```
├── bootstrap/      # Root app-of-apps + AppProject (one-time setup)
├── applications/   # Per-service Application manifests (auto-discovered)
└── manifests/      # Actual K8s resources (referenced by Applications)
```

## Bootstrap

```bash
# 1. Install ArgoCD onto the cluster
kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts \
  -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# 2. Bootstrap the app-of-apps (one-time setup)
kubectl apply -f bootstrap/default-project.yaml
kubectl apply -f bootstrap/root-app.yaml

# 3. Expose via port-forward (add Ingress later)
# Over SSH tunnel:
ssh -L 8080:localhost:8080 <host> -t kubectl port-forward svc/argocd-server -n argocd 8080:443

# 4. Get initial password and login
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
argocd login localhost:8080
```

## Adding a service

Create an Application manifest in `applications/` and commit.

## Creating a SealedSecret

Generate a sealed Secret using the cluster's controller:

```bash
# Fetch the certificate
kubeseal --fetch-cert --controller-name=sealed-secrets \
  --controller-namespace=sealed-secrets > pubcert.pem

# Seal a secret from a JSON file
kubeseal --controller-name=sealed-secrets \
  --controller-namespace=sealed-secrets \
  -f <secret.json> -w manifests/<path>/<file>.yaml -o yaml

# Or seal from literal values
kubectl create secret generic <name> --namespace=<ns> \
  --from-literal=<key>=<value> --dry-run=client -o json | \
  kubeseal --cert pubcert.pem --format yaml > manifests/<path>/<file>.yaml
```

Commit the resulting YAML — ArgoCD will sync it automatically.
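
Because ArgoCD syncs whatever lands in `manifests/`, the unsealed input (`<secret.json>` or a plain `kind: Secret` YAML) must never be committed beside the sealed output. The check below is an added example, not part of this repository: it lists any plaintext Secret manifest under a directory and fails if one is found. The function names, the regex and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from this repo): block plaintext Secret manifests from being committed.
# Matches YAML "kind: Secret" (also as a List item) and pretty-printed JSON
# '"kind": "Secret"'. "kind: SealedSecret" does not match: the value is anchored.
PLAIN_SECRET_RE='^[[:space:]-]*"?kind"?[[:space:]]*:[[:space:]]*"?Secret"?,?[[:space:]]*$'

# Print each file under $1 that declares a plaintext Secret; return 1 if any exist.
find_plain_secrets() {
  fps_hits=$(grep -rlE --include='*.yaml' --include='*.yml' --include='*.json' \
               "$PLAIN_SECRET_RE" "$1" 2>/dev/null | sort || true)
  if [ -z "$fps_hits" ]; then return 0; fi
  printf '%s\n' "$fps_hits"
  return 1
}

# Constructed sample tree: one sealed manifest plus a plaintext Secret left behind.
make_sample() {
  ms_root=$(mktemp -d)
  mkdir -p "$ms_root/manifests/app"
  printf '%s\n' 'apiVersion: bitnami.com/v1alpha1' 'kind: SealedSecret' \
    'metadata:' '  name: db' 'spec:' '  encryptedData:' \
    '    password: CONSTRUCTED-CIPHERTEXT' > "$ms_root/manifests/app/db-sealed.yaml"
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: db' \
    'stringData:' '  password: constructed-value' > "$ms_root/manifests/app/db-plain.yaml"
  echo "$ms_root"
}

# With a directory argument (e.g. manifests/), act as a pre-commit gate.
# Without one, run against the constructed sample and report.
if [ $# -gt 0 ]; then
  find_plain_secrets "$1" || { echo "plaintext Secret found; seal it with kubeseal" >&2; exit 1; }
else
  demo_root=$(make_sample)
  find_plain_secrets "$demo_root/manifests" || echo "^ plaintext Secret in constructed sample"
  rm -rf "$demo_root"
fi
```

Saved under a hypothetical name such as `check-secrets.sh` and run as `sh check-secrets.sh manifests/` from a pre-commit hook or CI job, it exits non-zero when a plaintext Secret is present. Single-line (minified) JSON is not covered by this pattern.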