/argocd-apps

Common Argo CD templates we use for self hosted cloud stuff. We're still working towards full stability, but feel free to take things or ask questions :)

Primary language: CSS. License: GNU General Public License v3.0 (GPL-3.0)

Shared Argo CD templates for self hosted infra

A collection of Argo CD templates for deploying helm apps or directories of Kubernetes (k8s) manifests as Argo CD apps. We're still working on full stability, but please feel free to ask questions or make suggestions 🧡

These Argo CD apps were originally designed to be compatible with smol-k8s-lab, but they can be used anywhere :)

Core Tenets

Here are some quick guidelines, but if you'd like to contribute, please read the full contributing guidelines here 😃!

  • Follow a base schema for all our files and directories so that we can easily make more of them faster.

  • Make things secure as we go to avoid the dreaded all-at-once security pass (but we may have missed something, in which case, please let us know).

  • Be kind and if something doesn't work as it should, try to fix the upstream repo before introducing a good-enough fix here.

  • NEVER FORGET THE BACKUPS. DO YOU REMEMBER WHAT HAPPENED LAST TIME WE DIDN'T HAVE THIS RULE? 😭

All Apps

Continuous Deployment

| App Directory | Description |
| --- | --- |
| argocd | The one, the only, Argo CD is used for declarative continuous delivery to Kubernetes with a fully-loaded UI. This actually deploys all the other apps and manages itself too :3 |

Database

| App Directory | Description |
| --- | --- |
| cloud-native-postgres-operator | PostgreSQL database management operator to spin up postgres instances, collect metrics, and create backups |
| postgres | Just a bitnami PostgreSQL database helm chart on k8s, in case you need that for something |

File Storage and Backups

| App Directory | Description |
| --- | --- |
| k8up | K8up does k8s native backups via restic, so you can sync your persistent volumes to external S3 compliant storage |
| nextcloud | Nextcloud is a self hosted file storage cloud solution. Replaces something like google drive/photos/notes/meets/calendar - mostly stable |
| minio | MinIO is a secure self hosted S3 compatible Object Store. |
| seaweedfs | SeaweedFS is a secure and very fast self hosted S3 compatible Object Store specialized for either many files or large files |

Experimental

| App Directory | Description |
| --- | --- |
| garage | Garage is a self hosted S3 compatible Object Store |
| Harbor | Container Registry and OCI artifact store with built-in vulnerability scanning via Trivy |
| Longhorn | Longhorn is a lightweight, reliable and easy-to-use distributed block storage system for Kubernetes. (not currently actively in development) |

Identity Providers and SSO

| App Directory | Description |
| --- | --- |
| vouch-proxy | helm chart for Vouch, an OAuth2 proxy that allows you to use ingress-nginx annotations to connect to a third party identity provider, giving you proper auth on websites that don't have auth. Currently works with the zitadel provider in this template, but also known to work with keycloak, google, and github |
| zitadel | helm chart for Zitadel, an Identity Access Management tool with built in OpenIDConnect for authenticating to self hosted apps. Recommended over keycloak. |

Experimental

| App Directory | Description |
| --- | --- |
| keycloak | helm chart for Keycloak, an Identity Access Management tool with built in OpenIDConnect for authenticating to self hosted apps |
| oauth2-proxy | OAuth2 proxy that works with Google, however we're testing a keycloak provider right now |

Ingress

| App Directory | Description |
| --- | --- |
| cert-manager | helm chart for cert-manager, for providing TLS certificates based on nginx ingress annotations |
| ingress-nginx | helm chart for ingress-nginx, an nginx ingress controller to allow external traffic to the cluster |

Monitoring

The main thing we deploy is the Kube Prometheus Stack which includes:

  • prometheus
  • alertmanager
  • grafana
  • loki

| App Directory | Description |
| --- | --- |
| kube-prometheus-stack | prometheus, alertmanager, grafana for collecting metrics for monitoring/alerting, and dashboards/charts |
| loki-stack | loki and promtail for collecting logs in prometheus |
| prometheus-push-gateway | Installs the Prometheus Push Gateway which enables pushing metrics from jobs that would be difficult or impossible to scrape |

Experimental

| App Directory | Description |
| --- | --- |
| kepler | helm chart for Kepler (Kubernetes-based Efficient Power Level Exporter), which uses eBPF to probe performance counters and other system stats, uses ML models to estimate workload energy consumption based on these stats, and exports the estimates as Prometheus metrics. |

Networking

| App Directory | Description |
| --- | --- |
| metallb | A helm chart for metallb which will let you manage your own IP address pool for use with ingress |

Experimental

| App Directory | Description |
| --- | --- |
| cilium | A helm chart for cilium, for transparently securing network connectivity/loadbalancing between app workloads such as app containers or processes |
| headscale | VPN, there isn't an official helm chart, so we're still working on this |
| netmaker | VPN utilizing WireGuard on the backend |
| wireguard | A helm chart for wg-access-server which uses WireGuard® for a VPN |

Other

Other useful tools that don't fit neatly into any one category.

Experimental

| App Directory | Description |
| --- | --- |
| k8tz | A helm chart for k8tz, to inject timezone info into cronjob pods |
| LibreTranslate | A helm chart for LibreTranslate, to self host a translation tool |

Security

| App Directory | Description |
| --- | --- |
| kyverno | Kubernetes-native policy management |

Secrets Management

| App Directory | Description |
| --- | --- |
| external-secrets-operator | ESO (External Secrets Operator) used for sourcing k8s secrets from an external provider |
| bitwarden-external-secrets | ESO Bitwarden SecretStore, for using secrets directly from bitwarden items |

Experimental

| App Directory | Description |
| --- | --- |
| infisical | Infisical is an open source secrets management solution and it has a k8s secrets operator. |
| OpenBao | OpenBao is an open source secrets management solution forked from Vault and supported by the Linux Foundation. |
| vault | Vault is an open source secrets management solution by Hashicorp. |

Social Media and chat

| App Directory | Description |
| --- | --- |
| coturn | TURN/STUN server for connecting VoIP peers |
| mastodon | Selfhosted social media site, includes postgresql, elastic search (for full text searching), and valkey (in memory caching) |
| matrix | Selfhosted chat server that plugs into a bunch of other chat apps |

Virtual Machines

| App Directory | Description |
| --- | --- |
| kubevirt | KubeVirt is a virtual machine management add-on for Kubernetes. |

Experimental

| App Directory | Description |
| --- | --- |
| Nvidia GPU Operator | The GPU Operator allows administrators of Kubernetes clusters to manage GPU nodes |

Troubleshooting Tips

  • Namespace stuck in terminating state

    kubectl get namespace "<NAMESPACE>" -o json \
      | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" \
      | kubectl replace --raw /api/v1/namespaces/<NAMESPACE>/finalize -f -

  • Find all items in a namespace

    kubectl api-resources --verbs=list --namespaced -o name \
      | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <NAMESPACE>

  • Be sure to also check for and remove MutatingWebhookConfiguration and ValidatingWebhookConfiguration resources; they are cluster-scoped, so the namespaced search above does not list them.

  • Patching a resource you found via the xargs search

    kubectl patch <CLASS>/<NAME> -p '{"metadata":{"finalizers":[]}}' --type=merge -n <NAMESPACE>

Art

This part is just here for fun :) If you have open source fan art, consider submitting it to the project itself and/or us, and we'll display it with credit 💙

Argo CD Squid riding a Docker whale

The Argo CD mascot, an orange squid, riding a blue docker whale. The docker whale is holding a package. It's drawn in a simple cute flat style.

By @jessebot