Danijel Simeunovic
2026-02-07 21:16:15 +01:00
commit a42a07b669
21 changed files with 849 additions and 0 deletions


@@ -0,0 +1,54 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: music-man
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://github.com/snothub/scaling-parakeet.git
targetRevision: HEAD
path: helm-chart
helm:
valueFiles:
- values.yaml
values: |
app:
image:
tag: v3.4.11 # Updated automatically by GitHub Actions on release
parameters:
- name: secrets.databasePassword
value: "change-me-in-production"
destination:
server: https://kubernetes.default.svc
namespace: music-man
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=false
- Replace=false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas
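Review bot: The `secrets.databasePassword` parameter commits a literal password (`"change-me-in-production"`) into the Application manifest, and Argo CD gives `helm.parameters` precedence over `values` and `valueFiles`, so this placeholder would override whatever the chart's `values.yaml` sets. Anyone who can read the repo or the Application object in the `argocd` namespace can read it. Since this commit also installs sealed-secrets, I would drop the parameter and have the chart read the password from a Secret generated by a SealedSecret, assuming the chart can reference an existing Secret (the chart itself is not visible here).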


@@ -0,0 +1,90 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: "v1.14.0"
helm:
values: |
# Install CustomResourceDefinitions
installCRDs: true
# Global configuration
global:
leaderElection:
namespace: cert-manager
# Webhook configuration
webhook:
enabled: true
replicaCount: 1
timeoutSeconds: 10
# Disable Istio sidecar injection for webhook to avoid mTLS issues
podAnnotations:
sidecar.istio.io/inject: "false"
# CA Injector
caInjector:
enabled: true
replicaCount: 1
# Disable Istio sidecar injection for CA injector
podAnnotations:
sidecar.istio.io/inject: "false"
# Disable Istio sidecar for main controller pods
podAnnotations:
sidecar.istio.io/inject: "false"
# Security context
podSecurityPolicy:
enabled: false
# Resources
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
# Service account
serviceAccount:
create: true
name: cert-manager
# Enable debug logging if needed (set to false for production)
logLevel: 2
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
# Patch namespace to disable Istio injection
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=false
- Replace=false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
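Review bot: The comment `# Patch namespace to disable Istio injection` has nothing under it: the namespace is created by `CreateNamespace=true` without labels, so only the three `sidecar.istio.io/inject: "false"` pod annotations keep sidecars out of these pods. Either delete the comment or add the label under `syncPolicy` as `managedNamespaceMetadata:` / `labels:` / `istio-injection: disabled`. Separately, the comment above `logLevel: 2` says "set to false for production" although the value is a number, so it should say which verbosity is intended for production.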


@@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-resources
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://github.com/snothub/scaling-parakeet.git
targetRevision: HEAD
path: cluster-resources
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=false
- Replace=false
- ApplyOutOfSyncOnly=false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
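Review bot: `targetRevision: HEAD` combined with `automated` sync, `prune: true` and `selfHeal: true` means every push to the source repo's default branch is applied to the cluster, deletions included, with no reviewable pin; the music-man Application in this commit has the same combination. For an app whose path is `cluster-resources` I would track a tag or commit SHA and promote it deliberately. It would also help to move these Applications out of `project: default` into an AppProject that lists the allowed `sourceRepos` and `destinations`, since the built-in default project is permissive unless it has been edited.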


@@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: fluent-bit
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://fluent.github.io/helm-charts
chart: fluent-bit
targetRevision: 0.47.10
helm:
releaseName: fluent-bit
valueFiles:
- $values/argocd/values/fluent-bit-values.yaml
- repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
targetRevision: main
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
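Review bot: The second source still points at the template placeholder `https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git`, so the `$values/argocd/values/fluent-bit-values.yaml` reference cannot resolve until it is replaced; the grafana, loki and prometheus Applications carry the same placeholder. The other Applications in this commit use `https://github.com/snothub/scaling-parakeet.git`, which is presumably the intended repo. Whichever repo it ends up being, `targetRevision: main` lets a values-file change reach the cluster on push, so that branch needs the same protection and review as the chart pin.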

41
argocd/apps/grafana.yaml Normal file

@@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: grafana
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://grafana.github.io/helm-charts
chart: grafana
targetRevision: latest
helm:
releaseName: grafana
valueFiles:
- $values/argocd/values/grafana-values.yaml
- repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
targetRevision: main
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
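Review bot: `targetRevision: latest` leaves the chart version unpinned (the loki and prometheus Applications do the same), so with automated sync a new or tampered upstream chart release would roll out without any change in this repo. I am also not sure Argo CD accepts `latest` for a Helm repository source, since chart revisions are normally a semver version or range; please confirm it resolves at all. Pinning an exact, quoted version as fluent-bit does, e.g. `targetRevision: "<chart-version>"`, makes upgrades a reviewed commit.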

35
argocd/apps/kyverno.yaml Normal file

@@ -0,0 +1,35 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kyverno
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
chart: kyverno
repoURL: https://kyverno.github.io/kyverno/
targetRevision: v1.13.0 # Update to latest stable version
helm:
releaseName: kyverno
destination:
server: https://kubernetes.default.svc
namespace: kyverno
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
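Review bot: `targetRevision: v1.13.0` looks like a Kyverno application version, while a Helm repository source is resolved by chart version; as far as I know the two are numbered differently for this chart, so please confirm the revision exists in the repo index before relying on it. The trailing comment `# Update to latest stable version` reads as a leftover to-do. Replacing it with a note on which Kyverno release the chart pin corresponds to would be more useful to the next person bumping it.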

41
argocd/apps/loki.yaml Normal file

@@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://grafana.github.io/helm-charts
chart: loki
targetRevision: latest
helm:
releaseName: loki
valueFiles:
- $values/argocd/values/loki-values.yaml
- repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
targetRevision: main
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m


@@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://prometheus-community.github.io/helm-charts
chart: prometheus
targetRevision: latest
helm:
releaseName: prometheus
valueFiles:
- $values/argocd/values/prometheus-values.yaml
- repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
targetRevision: main
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m


@@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sealed-secrets
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
chart: sealed-secrets
repoURL: https://bitnami-labs.github.io/sealed-secrets
targetRevision: 2.16.2 # Update to latest stable version
helm:
releaseName: sealed-secrets
parameters:
- name: fullnameOverride
value: sealed-secrets-controller
destination:
server: https://kubernetes.default.svc
namespace: kube-system
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=false # kube-system already exists
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
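Review bot: The `fullnameOverride` parameter and the `kube-system` destination deserve a comment saying why they are set: they match the controller name and namespace that `kubeseal` looks for by default, so changing either breaks sealing unless every caller passes explicit flags. Something like `# kubeseal defaults to sealed-secrets-controller in kube-system` above the parameter would do. The `# Update to latest stable version` comment next to `2.16.2` is a to-do rather than documentation and could be dropped or turned into a tracked issue.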


@@ -0,0 +1,65 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://traefik.github.io/charts
chart: traefik
targetRevision: "28.0.0"
helm:
values: |
deployment:
replicas: 2
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
ingressClass:
enabled: true
isDefaultClass: true
# Configure entry points
entryPoints:
web:
address: :80
http:
redirections:
entrypoint:
to: websecure
scheme: https
websecure:
address: :443
http:
tls: {}
destination:
server: https://kubernetes.default.svc
namespace: traefik-system
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=false
- Replace=false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
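Review bot: The `entryPoints:` block is written in Traefik static-configuration form, but as far as I know the chart's values configure entry points under `ports:` (`ports.web`, `ports.websecure`), so this block may be ignored or rejected and the HTTP-to-HTTPS redirect would then not be in effect. Rendering the chart at `28.0.0` with these values and checking the generated container arguments for the redirect would settle it. If the block is ignored, port 80 on the `LoadBalancer` service keeps serving plain HTTP.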

38
argocd/apps/trivy.yaml Normal file

@@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: trivy
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
chart: trivy-operator
repoURL: https://aquasecurity.github.io/helm-charts
targetRevision: v0.0.7 # Update to latest stable version
helm:
releaseName: trivy-operator
parameters:
- name: trivy.ignoreUnfixed
value: "true"
destination:
server: https://kubernetes.default.svc
namespace: kube-system
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=false # kube-system already exists
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
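Review bot: `trivy.ignoreUnfixed` set to `"true"` drops every finding that has no upstream fix from the reports, which is a policy decision that should be stated next to the parameter, e.g. `# report only vulnerabilities with an available fix; unfixed ones are hidden`. The pin `v0.0.7` together with the `# Update to latest stable version` comment suggests a placeholder; for a scanner an outdated operator means outdated checks, so please confirm the intended chart version. Installing it into `kube-system` also puts a third-party operator next to control-plane components, and a dedicated namespace with `CreateNamespace=true` would isolate it better.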