initial commit

dev/argocd/.argocdignore

@@ -0,0 +1,2 @@
+catalog-info.yaml
+catalog-info.yml

dev/argocd/README.md

@@ -0,0 +1,120 @@
+#Installatie:	
+
+kubectl create ns argocd
+
+#certificaat aanmaken:
+kubectl apply -f argocd-certificate.yaml
+
+  apiVersion: cert-manager.io/v1
+  kind: Certificate
+  metadata:
+    name: argocd-tls-cert
+    namespace: argocd
+  spec:
+    secretName: argocd-tls-cert
+    dnsNames:
+      - argocd-dev.allarddcs.nl
+    issuerRef:
+      name: letsencrypt
+      kind: ClusterIssuer
+
+Hier wordt dus een Certificate aangemaakt met naam "argocd-tls-cert":
+NAME                           TYPE                 DATA   AGE
+argocd-tls-cert                kubernetes.io/tls    2      76m
+ 
+dat is opgeslagen in een secret "argocd-tls-cert": 
+NAME              READY   SECRET            AGE
+argocd-tls-cert   True    argocd-tls-cert   76m
+
+#installeren via helm
+helm install argocd -f values.yaml argo-cd/argo-cd -n argocd -f values.yaml
+
+#values.yaml:
+
+ingress:
+  server:
+    enabled: true
+    ingressClassName: traefik
+    hosts:
+      - host: argocd-dev.allarddcs.nl
+        paths:
+          - "/"
+    tls:
+      - hosts:
+          - argocd-dev.allarddcs.nl
+        secretName: argocd-tls-cert
+
+configs:
+  params:
+    # disable insecure (HTTP)
+    server.insecure: "false"
+
+server:
+  tls:
+    enabled: true
+    # name of the TLS secret (created via cert-manager)
+    secretName: argocd-tls-cert
+
+Dit zorgt ervoor dat het eerder aangemaakte certificaat wordt gebruikt door argocd en 
+dat alleen verkeer via poort 443 mogelijk is.
+
+#ingressroutes:
+- door het LP-cluster loopt een ingressrouteTCP met tls: passtrough: true. 
+- in het DEV-cluster is alleen de ingressrouteTCP nodig:
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: argocd-route-tcp
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: HostSNI(`argocd-dev.allarddcs.nl`)
+    priority: 10
+    services:
+    - name: argocd-server
+      port: 443
+  - match: HostSNI(`argocd-dev.allarddcs.nl`) && Headers(`Content-Type`, `application/grpc`)
+    priority: 11
+    services:
+    - name: argocd-server
+      port: 443
+  tls:
+    passthrough: true
+
+of het tweede deel nodig is en werkt weet ik niet zeker. In ieder geval doet traefik GEEN tls-interrupt.
+
+#Initieel password opvragen:
+
+kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+
+#gitea repository koppelen:
+
+Checken of de repository in git aanwezig is.
+
+project: default
+https://gitea-dev.allarddcs.nl/AllardDCS/dev/olproperties (ZONDER.git!!!)
+user: allard
+password: Gitea01@
+
+#applicatie toevoegen:
+
+repository invullen
+pad toevoegen (olproperties)
+
+#api testen:
+
+er staat een argocd binary op pisvrwsv00
+argcd login https://argocd-dev.allarddcs
+argocd app list
+
+
+#task argocd-sync-and-wait installeren:
+
+kubectl apply -f argocd-task-sync-and-wait.yaml
+
+    #testen kan met:
+kubectl apply -f argocd-pipeline.yaml 
+kubectl create -f  argocd-pipeline-run.yaml

dev/argocd/argocd-certificate.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd-tls-cert
+  namespace: argocd
+spec:
+  secretName: argocd-tls-cert
+  dnsNames:
+    - argocd-dev.allarddcs.nl
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer

dev/argocd/catalog-info.yaml

@@ -0,0 +1,17 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  annotations:
+    argocd.argoproj.io/hook: Skip
+  name: dev-argocd
+  title: Argocd (dev)
+  description: ArgoCD-configuratie
+  annotations:
+    backstage.io/kubernetes-label-selector: "app=argocd"
+spec:
+  type: service
+  owner: allarddcs
+  subcomponentOf: component:default/DEV-cluster
+  lifecycle: production
+  docs:
+    path: ./README.md

dev/argocd/ingressroute-http.yaml

@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-http
+  namespace: argocd
+spec:
+  entryPoints:
+    - web
+  routes:
+  - kind: Rule
+    match: Host("argocd-dev.allarddcs.nl")
+    services:
+    - kind: Service
+      name: argocd-server
+      port: 80

dev/argocd/ingressroute-tls-old.yaml

@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-tls
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - kind: Rule
+    match: Host(`argocd-dev.allarddcs.nl`)
+    priority: 10
+    services:
+    - kind: Service
+      name: argocd-server
+      port: 80
+#  - kind: Rule
+#    match: Host(`argocd-dev.allarddcs.nl`) && Headers(`Content-Type`, `application/grpc`)
+#    priority: 11
+#    services:
+#    - kind: Service
+#      name: argocd-server
+#      port: 80
+#      scheme: h2c
+  tls:
+    certResolver: letsencrypt

dev/argocd/ingressroute-tls.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-tls
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - kind: Rule
+    match: Host(`argocd-dev.allarddcs.nl`)
+    services:
+    - kind: Service
+      name: argocd-server
+      port: 443
+  tls:
+    certResolver: letsencrypt

dev/argocd/ingressroute-web-ui.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-web
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`argocd-dev.allarddcs.nl`)
+      kind: Rule
+      services:
+        - name: argocd-server
+          port: 443
+  tls:
+    secretName: argocd-tls-cert

dev/argocd/ingressrouteTCP-tls.yaml

@@ -0,0 +1,22 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: argocd-route-tcp
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: HostSNI(`argocd-dev.allarddcs.nl`)
+    priority: 10
+    services:
+    - name: argocd-server
+      port: 443
+  - match: HostSNI(`argocd-dev.allarddcs.nl`) && Headers(`Content-Type`, `application/grpc`)
+    priority: 11
+    services:
+    - name: argocd-server
+      port: 443
+  tls:
+    passthrough: true
+

dev/argocd/ingresstest.yaml

@@ -0,0 +1,46 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-http
+  namespace: argocd
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`argocd.example.com`)
+      kind: Rule
+      middlewares:
+        - name: redirect-to-https
+      services:
+        - name: argocd-server
+          port: 80
+          scheme: https
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-to-https
+  namespace: argocd
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-https
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`argocd.example.com`)
+      kind: Rule
+      services:
+        - name: argocd-server
+          port: 80
+          scheme: https
+  tls:
+    certResolver: letsencrypt
+

dev/argocd/values.yaml

@@ -0,0 +1,25 @@
+ingress:
+  server:
+    enabled: true
+    ingressClassName: traefik
+    hosts:
+      - host: argocd-dev.allarddcs.nl
+        paths:
+          - "/"
+    tls:
+      - hosts:
+          - argocd-dev.allarddcs.nl
+        secretName: argocd-tls-cert
+
+configs:
+  params:
+    # disable insecure (HTTP)
+    server.insecure: "false"
+
+server:
+  tls:
+    enabled: true
+    # name of the TLS secret (created via cert-manager)
+    secretName: argocd-tls-cert
+
+# If you want HA, you can also configure replicas, etc.