Füge neue ArgoCD-Anwendungen und Konfigurationen für Homelab-Apps hinzu

07_bootstrap_argocd/argocd-project-homelab.yaml

@@ -4,7 +4,7 @@ metadata:
   name: homelab
   namespace: argocd
 spec:
-  description: Cluster-weite Infrastructure
+  description: Project for Homelab Applications
   destinations:
   - namespace: '*'
     server: https://kubernetes.default.svc

07_bootstrap_argocd/homelab-apps.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: homelab-apps
+  namespace: argocd
+spec:
+  generators:
+  - git:
+      repoURL: https://git.hnrx.net/homelab/rke2-single-node.git
+      revision: HEAD
+      directories:
+      - path: 09_homelab_apps/*
+  template:
+    metadata:
+      name: '{{path.basename}}'
+    spec:
+      project: homelab
+      source:
+        repoURL: https://git.hnrx.net/homelab/rke2-single-node.git
+        path: '{{path}}'
+        helm:
+          valueFiles:
+            - values.yaml
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: '{{path.basename}}'
+      syncPolicy:
+        automated: {prune: true, selfHeal: true}

07_bootstrap_argocd/shared-gateway.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: shared-gateway
+  namespace: default
+  labels:
+    bgp.cilium.io/ip-pool: default  # Damit bekommt das Gateway eine IP aus deinem Pool
+  annotations:
+    # Damit external-dns diesen Gateway findet und einen DNS-Eintrag erstellt
+    # (falls external-dns Gateway API unterstützt, was es tut)
+    cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
+spec:
+  gatewayClassName: envoy-gateway-class
+  listeners:
+    - name: https
+      hostname: "*.k8s.hnrx.net"
+      protocol: HTTPS
+      port: 443
+      allowedRoutes:
+        namespaces:
+          from: All
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: shared-gateway-tls

09_homelab_apps/Chart.yaml

@@ -0,0 +1,3 @@
+apiVersion: v1
+name: argocd-homelab-apps
+version: 0.1.0

09_homelab_apps/templates/databasus.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: databasus
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: databasus
+    server: {{ $.Values.spec.destination.server }}
+  project: homelab-apps
+  source:
+    path: .
+    repoURL: oci://ghcr.io/databasus/charts/databasus
+    targetRevision: 2.16.3
+    helm:
+        values: |
+          persistence:
+            enabled: true
+            size: 10Gi
+            storageClassName: nfs-csi
+          route:
+            enabled: true
+            hostnames:
+              - databasus.k8s.hnrx.net
+            parentRefs:
+              - name: shared-gateway
+                namespace: default
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

09_homelab_apps/templates/freshrss.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: freshrss
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: freshrss
+    server: {{ $.Values.spec.destination.server }}
+  project: homelab-apps
+  source:
+    path: .
+    repoURL: https://git.hnrx.net/k8s/freshrss.git
+    targetRevision: main
+    directory:
+      recurse: true
+      exclude: 'renovate.json'
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

09_homelab_apps/templates/ghostfolio.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ghostfolio
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: ghostfolio
+    server: {{ $.Values.spec.destination.server }}
+  project: homelab-apps
+  source:
+    path: .
+    repoURL: https://git.hnrx.net/k8s/ghostfolio.git
+    targetRevision: main
+    directory:
+      recurse: true
+      exclude: 'renovate.json'
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

09_homelab_apps/templates/gitea-runners.yaml

@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitea-runners
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: {{ $.Values.spec.destination.namespace }}
+    server: {{ $.Values.spec.destination.server }}
+  project: default
+  source:
+    path: .
+    repoURL: https://git.hnrx.net/k8s/gitea_runners.git
+    targetRevision: main
+    kustomize:
+      namespace: {{ $.Values.spec.destination.namespace }}
+      patches:
+        - target:
+            kind: PhaseSecret
+            name: gitea-runner-secret
+          patch: |-
+            - op: replace
+              path: /spec/managedSecretReferences/0/secretNamespace
+              value: "{{ $.Values.spec.destination.namespace }}"
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

09_homelab_apps/templates/homepage-dashboard.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gethomepage
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: gethomepage
+    server: {{ $.Values.spec.destination.server }}
+  project: homelab-apps
+  source:
+    path: .
+    repoURL: https://git.hnrx.net/k8s/gethomepage-dashboard.git
+    targetRevision: main
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

09_homelab_apps/templates/n8n.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: n8n
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: n8n
+    server: {{ $.Values.spec.destination.server }}
+  project: homelab-apps
+  source:
+    path: .
+    repoURL: https://git.hnrx.net/k8s/n8n.git
+    targetRevision: main
+    directory:
+      recurse: true
+      exclude: 'renovate.json'
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

09_homelab_apps/templates/pgadmin.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: pgadmin
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: pgadmin
+    server: {{ $.Values.spec.destination.server }}
+  project: homelab-apps
+  source:
+    path: .
+    repoURL: https://git.hnrx.net/k8s/pgadmin.git
+    targetRevision: main
+    directory:
+      recurse: true
+      exclude: 'renovate.json'
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

09_homelab_apps/templates/rancher.yaml

@@ -0,0 +1,65 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: rancher
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  ignoreDifferences:
+  - group: apps
+    kind: Deployment
+    jsonPointers: ["/metadata/finalizers"]
+  destination:
+    namespace: cattle-system
+    server: {{ $.Values.spec.destination.server }}
+  project: homelab-apps
+  source:
+    repoURL: https://releases.rancher.com/server-charts/stable
+    chart: rancher
+    targetRevision: v2.13.1
+    helm:
+      values: |
+        hostname: rancher.k8s.hnrx.net
+        replicas: 1
+        bootstrapPassword: "admin123!"
+        agentTLSMode: system-store # Because we use external TLS with Let's Encrypt 
+        ingress:
+          enabled: false
+        service:
+          type: ClusterIP
+        persistence:
+          enabled: true
+          size: 10Gi
+          storageClass: nfs-csi
+        tls: external
+        extraEnv:
+          - name: CATTLE_FEATURES
+            value: "continuous-delivery=false"
+
+  syncPolicy:
+    automated: 
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: rancher-route
+  namespace: cattle-system
+spec:
+  parentRefs:
+    - name: shared-gateway  # Ihr Envoy Gateway
+      namespace: default
+  hostnames:
+    - "rancher.k8s.hnrx.net"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: rancher  # Rancher Service Name
+          port: 80  # Rancher läuft auf Port 80 intern

09_homelab_apps/values.yaml

@@ -0,0 +1,4 @@
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: homelab-apps