# Bootstrap a single-node k3s cluster with k3sup. k3s's bundled Traefik is
# not deployed (presumably because this repo manages its own Traefik — cf. the
# traefik/* secrets further down; confirm) and the k3s version is pinned.
k3sup install --k3s-extra-args '--no-deploy traefik' --cluster --local --k3s-version v1.21.4+k3s1
# Install Argo CD from the upstream manifest. "stable" is a moving branch, not
# a release tag, so two runs of this step can install different versions —
# TODO(review): pin to a release tag for a reproducible, auditable install.
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Print the generated initial admin password (base64-decoded) for first login.
# NOTE(review): change this password on first login; Argo CD's getting-started
# docs recommend deleting argocd-initial-admin-secret afterwards so the
# bootstrap credential does not linger in the cluster.
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
- Set up this repo in Argo CD
- Run
kubectl apply -f setup/
- Set up disks in the Longhorn admin UI
- Disable the `local-path` storage class as the default
kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
- Set up Vault
- Enable the AppRole auth method
- Create a new AppRole role for Argo CD
vault write -force auth/approle/role/argocd
- Read the role ID and generate a secret ID
vault read auth/approle/role/argocd/role-id
→ prints your role_id (used as AVP_ROLE_ID below)
vault write -force auth/approle/role/argocd/secret-id
→ prints a newly generated secret_id (used as AVP_SECRET_ID below)
- Deploy the AVP credentials Secret
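# Create the Secret that argocd-vault-plugin (AVP) uses to log in to Vault via
# AppRole. The role-id and secret-id are pulled from Vault at apply time with
# command substitution instead of being pasted into this file: a literal
# role-id/secret-id pair is a usable credential and must never be committed to
# this repo or left in shell history. The heredoc is deliberately unquoted so
# that the $(...) substitutions expand before the manifest reaches kubectl.
# Each run mints a fresh secret-id; re-run after rotating it.
# NOTE(review): VAULT_ADDR is plain http — acceptable only while this traffic
# never leaves the cluster network; confirm.
cat <<EOF | kubectl apply -f -
kind: Secret
apiVersion: v1
metadata:
  name: argocd-vault-plugin-credentials
  namespace: argocd
type: Opaque
stringData:
  AVP_AUTH_TYPE: approle
  AVP_ROLE_ID: $(vault read -field=role_id auth/approle/role/argocd/role-id)
  AVP_SECRET_ID: $(vault write -f -field=secret_id auth/approle/role/argocd/secret-id)
  AVP_TYPE: vault
  VAULT_ADDR: http://vault.vault:8200
EOF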
- Run
kubectl apply -f setup/
- Create a Vault policy named "read-all"
# Grants read on every secret under the KV v2 mount ("kv/data/*"), i.e. the
# Argo CD AppRole can read all of the traefik/, cert-manager/ and keycloak/
# entries listed below. If only a subset is needed, narrow the path (one
# policy per prefix) so a leaked AppRole credential exposes less.
path "kv/data/*" { capabilities = ["read"]}
- Attach the "read-all" policy to the entity generated for the AppRole
traefik/http-auth/htpasswd-admin: $(htpasswd -nb username password)
cert-manager/cloudflare/api-key: $(cloudflare > User Profile > API Tokens > API Keys > Global API Key > View)
keycloak/traefik-forward-auth/issuer-url: $("https://keycloak.k8s.nickolaj.com:8443/auth/realms/master")
keycloak/traefik-forward-auth/client-id: $(keycloak > Client > create > Client ID)
keycloak/traefik-forward-auth/client-secret: $(keycloak > Client > "Client ID" > Credentials > Secret)