This repository contains the Kubernetes application configurations managed by ArgoCD. It follows GitOps principles to declaratively manage your Kubernetes cluster's state.
Note: This repository is a work in progress and is not yet ready for production use. The idea is to have a place to learn ArgoCD and GitOps in general.
```
apps/
├── kube-system/            # System components
│   └── sealed-secrets/     # Sealed Secrets controller
│
├── monitoring/             # Monitoring stack
│   └── prometheus-stack/   # Prometheus, Grafana, and Alertmanager
│
├── operators/              # Cluster operators
│   └── external-secrets/   # External Secrets Operator
│
├── services/               # Application services
│   ├── adguard/            # AdGuard Home
│   ├── argocd/             # ArgoCD configuration
│   ├── cert-manager/       # Cert Manager
│   └── tailscale/          # Tailscale VPN
```
- Kubernetes cluster with ArgoCD installed
- `kubectl` configured to access your cluster
- `helm` (v3+) for local chart development
- `kubeseal` for managing sealed secrets
- `kustomize` for managing Kubernetes resources
This repository uses an ArgoCD ApplicationSet for bootstrapping applications. The bootstrap configuration is located at apps/services/argocd/bootstrap-app-set.yaml.
Before deploying applications that require secrets:
- Ensure the Sealed Secrets controller is installed
- Seal your secrets using `kubeseal`:
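```bash
# Create a Kubernetes secret manifest locally (--dry-run=client sends nothing to the cluster)
kubectl create secret generic my-secret \
  --from-literal=username=admin \
  --from-literal=password=secret \
  -n my-namespace \
  --dry-run=client \
  -o yaml > my-secret.yaml

# Seal the secret; only my-sealed-secret.yaml belongs in Git.
# my-secret.yaml still holds the plaintext values (base64-encoded, not encrypted).
kubeseal --format=yaml --cert=public-key.pem < my-secret.yaml > my-sealed-secret.yaml
```

To use Bitwarden as a secrets backend: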
- Update `apps/operators/external-secrets/bitwarden-secret-store.yaml` with your Bitwarden API configuration
- Seal your Bitwarden credentials (see the operator's README)
- Commit the sealed credentials to the repository
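
The sealing steps above leave a plaintext `my-secret.yaml` next to the sealed file, and only the sealed one should reach Git. The script below is an added example, not part of this repository: it lists manifests that still contain a plain `kind: Secret`. The function name, the script file name and the default `apps` directory are assumptions.

```sh
#!/bin/sh
# Added example, not part of this repository: list YAML manifests that still
# contain a plaintext Secret so they can be caught before a commit.

# Top-level "kind: Secret" only (optionally quoted, trailing comment or CR
# allowed). SealedSecret, ExternalSecret and SecretStore do not match.
PLAIN_SECRET_RE="^kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*(#.*)?\$"

# find_plain_secrets [DIR]
# Prints one path per offending file and returns 1; returns 0 when clean.
# Multi-document files are covered because every line is checked.
find_plain_secrets() {
  dir="${1:-apps}"   # assumption: manifests live under apps/, as in the tree above
  hits=$(find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \) \
           -exec grep -lE "$PLAIN_SECRET_RE" {} + | sort)
  if [ -z "$hits" ]; then
    return 0
  fi
  printf '%s\n' "$hits"
  return 1
}

# Run as a script: ./check-plain-secrets.sh apps   (hypothetical file name)
if [ "$#" -gt 0 ]; then
  find_plain_secrets "$1"
fi
```

Called from a pre-commit hook or a CI job, the non-zero exit status stops the change before a plaintext manifest is pushed.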