starting homelab RKE2 cluster

Matthias Hinrichs
2026-01-13 14:42:19 +01:00
commit 9e5a1d7546
14 changed files with 464 additions and 0 deletions
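--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,54 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: argocd
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: argocd-gateway
+namespace: argocd
+labels:
+bgp.cilium.io/ip-pool: default # Damit bekommt das Gateway eine IP aus deinem Pool
+annotations:
+# Damit external-dns diesen Gateway findet und einen DNS-Eintrag erstellt
+# (falls external-dns Gateway API unterstützt, was es tut)
+cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
+spec:
+gatewayClassName: envoy-gateway-class
+listeners:
+- name: https
+hostname: "argocd.k8s.hnrx.net"
+protocol: HTTPS
+port: 443
+allowedRoutes:
+namespaces:
+from: All
+tls:
+mode: Terminate
+certificateRefs:
+- name: argocd-gateway-tls
+- name: http
+hostname: "argocd.k8s.hnrx.net"
+protocol: HTTP
+port: 80
+allowedRoutes:
+kinds:
+- kind: HTTPRoute
+- kind: GRPCRoute
+namespaces:
+from: All
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: argocd-gateway-tls
+namespace: argocd
+spec:
+secretName: argocd-gateway-tls
+dnsNames:
+- argocd.k8s.hnrx.net
+issuerRef:
+name: cloudflare-cluster-issuer
+kind: ClusterIssuer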
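Review bot: Both listeners admit routes from every namespace (`from: All` under `allowedRoutes.namespaces` on the `https` and the `http` listener), so any workload in the cluster can attach an HTTPRoute or GRPCRoute to this Gateway and claim traffic for `argocd.k8s.hnrx.net`; since the only routes are Argo CD's own in the `argocd` namespace, scope both listeners to `from: Same` (or a `selector` if other namespaces genuinely need to attach). The `http` listener on port 80 carries no redirect to HTTPS, and the values file in this same commit attaches the GRPCRoute to `sectionName: http`, so Argo CD's gRPC/CLI traffic would reach the Gateway in plaintext — an HTTPRoute with a `RequestRedirect` filter on that listener plus attaching the GRPCRoute to `https` would close that. The comment above `annotations` describes an external-dns annotation, but the only annotation present is `cert-manager.io/cluster-issuer`; either add the external-dns annotation the comment refers to or reword it, e.g. `# cert-manager gateway-shim: issue the listener certificate from the named ClusterIssuer`. Note also that the Gateway annotation and the explicit Certificate both target the secret `argocd-gateway-tls` in the same namespace, which presumably leaves two sources trying to manage one certificate — confirm and keep only one of them.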
+100
@@ -0,0 +1,100 @@
global:
domain: "argocd.k8s.hnrx.net"
extraObjects:
- apiVersion: secrets.phase.dev/v1alpha1
kind: PhaseSecret
metadata:
name: argocd-phase-secret
namespace: argocd
labels:
app.kubernetes.io/part-of: argocd
spec:
phaseApp: 'argocd' # The name of your Phase application
phaseAppEnv: 'production' # OPTIONAL - The Phase App Environment to fetch secrets from
phaseAppEnvPath: '/' # OPTIONAL Path within the Phase application environment to fetch secrets from
phaseHost: 'https://phase.hnrx.net' # OPTIONAL - URL of a Phase Console instance
authentication:
serviceToken:
serviceTokenSecretReference:
secretName: 'phase-service-token' # Name of the Phase Service Token with access to your application
secretNamespace: 'default'
managedSecretReferences:
- secretName: 'argocd-authentik-client-secret' # Name of the Kubernetes managed secret that Phase will sync
secretNamespace: 'argocd'
configs:
cm:
url: https://argocd.k8s.hnrx.net
dex.config: |
connectors:
- config:
issuer: ${AUTHENTIK_ISSUER_URL}
clientID: ${AUTHENTIK_CLIENT_ID}
clientSecret: ${AUTHENTIK_CLIENT_SECRET}
insecureEnableGroups: true
scopes:
- openid
- profile
- email
name: authentik
type: oidc
id: authentik
params:
server.insecure: true
rbac:
policy.csv: |
g, ArgoCD Admins, role:admin
g, ArgoCD Viewers, role:readonly
secret:
extra:
dex.authentik.clientSecret: "${AUTHENTIK_CLIENT_SECRET}"
cmp:
credentialTemplates:
https-creds:
url: https://git.hnrx.net
username: ${GIT_USER}
password: ${GIT_PASSWORD}
dex:
envFrom:
- secretRef:
name: argocd-authentik-client-secret
server:
httproute:
enabled: true
parentRefs:
- name: argocd-gateway
namespace: argocd
sectionName: https
hostnames:
- "argocd.k8s.hnrx.net"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: argocd-server
port: 80
grpcroute:
enabled: true
parentRefs:
- name: argocd-gateway
namespace: argocd
sectionName: http
hostnames:
- "argocd.k8s.hnrx.net"
rules:
- matches:
- method:
type: Exact
service: "cluster.argoproj.v1alpha1.repositorieservice"
method: "List"
backendRefs:
- name: argocd-server
port: 443
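Review bot: The placeholders `${GIT_USER}` / `${GIT_PASSWORD}` under `credentialTemplates.https-creds` and `"${AUTHENTIK_CLIENT_SECRET}"` under `configs.secret.extra` are rendered by Helm verbatim — Helm does not expand shell-style variables, and only the `dex.config` block is expanded at runtime from the dex pod's environment (which the `envFrom` on `dex` supplies) — so unless the values file is run through an `envsubst`-style step not shown here, the repo-credential Secret ends up holding the literal placeholder text and the `dex.authentik.clientSecret` key is an unused literal that nothing references. The flattened view also shows `credentialTemplates` directly below `cmp:`; the chart reads `configs.credentialTemplates`, so if it really nests under `configs.cmp` it is silently ignored — confirm the indentation. A cleaner arrangement that keeps credentials out of the values file is to have the Phase operator sync a Secret labelled `argocd.argoproj.io/secret-type: repo-creds` into the `argocd` namespace (as it already does for the Authentik client secret) and drop both the `credentialTemplates` block and the `configs.secret.extra` entry. Consider adding a comment above `server.insecure: true` recording that TLS is terminated at the Gateway so the plaintext server port is intentional, e.g. `# TLS is terminated by argocd-gateway; argocd-server serves plaintext in-cluster only`.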
@@ -0,0 +1,5 @@
# Argo-CD Installation mit SSO über Authentik
helm repo add argo https://argoproj.github.io/argo-helm
helm upgrade --install argocd argo/argo-cd --namespace argocd -f argo-values.yaml