From 56f12e7a607e4301f26d63796a48142e2cd19f81 Mon Sep 17 00:00:00 2001 From: Antonio Cascais Date: Thu, 9 Apr 2026 11:07:10 +0200 Subject: [PATCH] feat: add prod ArgoCD bootstrap files (clusters/prod/) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Minimum gitops structure for Ansible playbook to bootstrap ArgoCD on the prod K8s cluster. Only argo-cd app included — remaining apps added separately once infra (Vault, ESO) is in place. --- clusters/prod/apps/argo-cd/Chart.yaml | 7 ++++ clusters/prod/apps/argo-cd/application.yaml | 23 +++++++++++ clusters/prod/apps/argo-cd/values.yaml | 43 +++++++++++++++++++++ clusters/prod/root-app.yaml | 21 ++++++++++ 4 files changed, 94 insertions(+) create mode 100644 clusters/prod/apps/argo-cd/Chart.yaml create mode 100644 clusters/prod/apps/argo-cd/application.yaml create mode 100644 clusters/prod/apps/argo-cd/values.yaml create mode 100644 clusters/prod/root-app.yaml diff --git a/clusters/prod/apps/argo-cd/Chart.yaml b/clusters/prod/apps/argo-cd/Chart.yaml new file mode 100644 index 0000000..0328ee5 --- /dev/null +++ b/clusters/prod/apps/argo-cd/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: argo-cd +version: 0.1.0 +dependencies: + - name: argo-cd + version: 9.1.7 + repository: https://pilotdataplatform.github.io/helm-charts/ diff --git a/clusters/prod/apps/argo-cd/application.yaml b/clusters/prod/apps/argo-cd/application.yaml new file mode 100644 index 0000000..76d8615 --- /dev/null +++ b/clusters/prod/apps/argo-cd/application.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argo-cd + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "-1" +spec: + project: default + source: + repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git + path: clusters/prod/apps/argo-cd + targetRevision: main + helm: + valueFiles: + - values.yaml + destination: + server: https://kubernetes.default.svc + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/clusters/prod/apps/argo-cd/values.yaml b/clusters/prod/apps/argo-cd/values.yaml new file mode 100644 index 0000000..26862d3 --- /dev/null +++ b/clusters/prod/apps/argo-cd/values.yaml @@ -0,0 +1,43 @@ +argo-cd: + global: + domain: argocd.hdc.ebrains.eu + + redis: + enabled: true + redis-ha: + enabled: false + + server: + service: + type: ClusterIP + ingress: + enabled: true + controller: generic + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hostname: argocd.hdc.ebrains.eu + path: / + pathType: Prefix + tls: true + + configs: + cm: + admin.enabled: true + url: https://argocd.hdc.ebrains.eu + # Workaround for StatefulSet volumeClaimTemplates drift with ServerSideApply + # https://github.com/argoproj/argo-cd/issues/11143#issuecomment-3351076060 + resource.customizations.ignoreDifferences.apps_StatefulSet: | + jqPathExpressions: + - .spec.volumeClaimTemplates[].apiVersion + - .spec.volumeClaimTemplates[].kind + - .spec.volumeClaimTemplates[].metadata.creationTimestamp + # ESO webhook injects defaults (conversionStrategy, decodingStrategy, metadataPolicy) + # causing perpetual diff against git manifests + resource.customizations.ignoreDifferences.external-secrets.io_ExternalSecret: | + jqPathExpressions: + - .spec.data[].remoteRef.conversionStrategy + - .spec.data[].remoteRef.decodingStrategy + - .spec.data[].remoteRef.metadataPolicy diff --git a/clusters/prod/root-app.yaml b/clusters/prod/root-app.yaml new file mode 100644 index 0000000..1d9b691 --- /dev/null +++ b/clusters/prod/root-app.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: root + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/PilotDataPlatform/pilot-hdc-platform-gitops.git + path: clusters/prod/apps + targetRevision: main + directory: + recurse: true + exclude: "{**/templates/*,**/Chart.yaml,**/values.yaml}" + destination: + server: https://kubernetes.default.svc + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true