Added argocd app.

cluster/apps/argocd/README.md

@@ -0,0 +1,17 @@
+# ArgoCD
+
+Get the initial password :
+
+```
+kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
+```
+
+This was not working, so I just set it to "admin", and changed it once logged (see https://github.com/argoproj/argo-cd/blob/master/docs/faq.md#i-forgot-the-admin-password-how-do-i-reset-it) :
+
+```
+kubectl -n argocd patch secret argocd-secret \
+  -p '{"stringData": {
+    "admin.password": "$2a$10$VnL1iI2bgUDJE1hmgBLLYeJWTalVjKLeOdTo9o8EIAtlkfkPNzhtO",
+    "admin.passwordMtime": "'$(date +%FT%T%Z)'"
+  }}'
+```

cluster/apps/argocd/argocd-cmd-params-cm.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+data:
+  server.insecure: "true"

cluster/apps/argocd/certificate.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: tls-argocd
+  namespace: argocd
+spec:
+  commonName: argocd.${SECRET_DOMAIN}
+  secretName: tls-argocd
+  dnsNames:
+    - argocd.${SECRET_DOMAIN}
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer

cluster/apps/argocd/ingress.yaml

@@ -0,0 +1,26 @@
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-server
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`argocd.${SECRET_DOMAIN}`)
+      priority: 10
+      services:
+        - name: argocd-server
+          port: 80
+    - kind: Rule
+      match: Host(`argocd.${SECRET_DOMAIN}`) && Headers(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: argocd-server
+          port: 80
+          scheme: h2c
+  tls:
+    secretName: tls-argocd

cluster/apps/argocd/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - certificate.yaml
+  - ingress.yaml
+  - install.yaml
+patchesStrategicMerge:
+  - argocd-cmd-params-cm.yaml
+namespace: argocd

cluster/apps/kustomization.yaml

@@ -8,4 +8,5 @@ resources:
   - networking
   - harbor
   - ttrss
+  - argocd
   - simplebookmarks-staging

cluster/apps/simplebookmarks-staging/Makefile

@@ -2,10 +2,10 @@
 
 all: generate-registry-secret
 
-SECRET_DOMAIN = $(shell sops -d --extract '["stringData"]["SECRET_DOMAIN"]' ../../base/cluster-secrets.sops.yaml)
-SECRET_DOCKER_USERNAME = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_USERNAME"]' ../../base/cluster-secrets.sops.yaml)
-SECRET_DOCKER_PASSWORD = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_PASSWORD"]' ../../base/cluster-secrets.sops.yaml)
-SECRET_DOCKER_EMAIL = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_EMAIL"]' ../../base/cluster-secrets.sops.yaml)
+SECRET_DOMAIN = $(shell sops -d --extract '["stringData"]["SECRET_DOMAIN"]' ../../config/cluster-secrets.sops.yaml)
+SECRET_DOCKER_USERNAME = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_USERNAME"]' ../../config/cluster-secrets.sops.yaml)
+SECRET_DOCKER_PASSWORD = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_PASSWORD"]' ../../config/cluster-secrets.sops.yaml)
+SECRET_DOCKER_EMAIL = $(shell sops -d --extract '["stringData"]["SECRET_SIMPLEBOOKMARKS_DOCKER_EMAIL"]' ../../config/cluster-secrets.sops.yaml)
 
 generate-registry-secret:
 	kubectl create secret docker-registry docker-registry-harbor --docker-server=harbor.$(SECRET_DOMAIN)/simplebookmarks --docker-username=$(SECRET_DOCKER_USERNAME) --docker-password=$(SECRET_DOCKER_PASSWORD) --docker-email=$(SECRET_DOCKER_EMAIL) --dry-run=client -o yaml > ./docker-secret.yaml