diff --git a/README.md b/README.md index a32cab5..54ae678 100644 --- a/README.md +++ b/README.md 
@@ -6,21 +6,20 @@ This is a **Kubernetes cluster bootstrapping and GitOps configuration repository ``` . -├── bootstrap.sh # Main bootstrap script to initialize ArgoCD and cluster -├── argocd/ # ArgoCD configuration (primary entrypoint) -│ ├── _app-of-apps.yaml # App-of-apps pattern: parent Application that manages all child apps -│ ├── infra/ # Individual ArgoCD Application resources for infrastructure -│ │ ├── traefik-application.yaml # Ingress controller (Traefik) -│ │ ├── cert-manager-application.yaml # TLS certificate management -│ │ ├── kyverno.yaml # Policy engine for security -│ │ ├── prometheus.yaml # Metrics & monitoring -│ │ ├── grafana.yaml # Monitoring visualization -│ │ ├── loki.yaml # Log aggregation -│ │ ├── fluent-bit.yaml # Log shipping -│ │ ├── trivy.yaml # Container scanning -│ │ ├── sealedsecrets.yaml # Secret encryption -│ │ └── cluster-resources-application.yaml # Cluster-wide resources -│ ├── apps/ # Application resources (currently unused/empty) +├── bootstrap.sh # Main bootstrap script to initialize ArgoCD and cluster +├── apps/ # Application resources (currently unused/empty) +├── infra/ # Individual ArgoCD Application resources for infrastructure +│ ├── _app-of-apps.yaml # App-of-apps pattern: parent Infra Application that manages all infrastructure apps +│ ├── traefik-application.yaml # Ingress controller (Traefik) +│ ├── cert-manager-application.yaml # TLS certificate management +│ ├── kyverno.yaml # Policy engine for security +│ ├── prometheus.yaml # Metrics & monitoring +│ ├── grafana.yaml # Monitoring visualization +│ ├── loki.yaml # Log aggregation +│ ├── fluent-bit.yaml # Log shipping +│ ├── trivy.yaml # Container scanning +│ ├── sealedsecrets.yaml # Secret encryption +│ └── cluster-resources-application.yaml # Cluster-wide resources │ └── values/ # Helm value overrides for ArgoCD and services │ ├── argocd-values.yaml # ArgoCD server configuration │ ├── prometheus-values.yaml 
@@ -36,7 +35,8 @@ This is a **Kubernetes cluster bootstrapping and GitOps configuration repository ## Architecture & Key Concepts ### GitOps Model -- **App-of-Apps Pattern**: `argocd/_app-of-apps.yaml` is the root Application that manages all child applications +- **App-of-Apps Pattern**: `infra/_app-of-apps.yaml` is the root Application that manages all infrastructure applications +- **App-of-Apps Pattern**: `apps/_app-of-apps.yaml` is the root Application that manages all custom applications - **Source of Truth**: GitHub repository (`https://github.com/snothub/sturdy-adventure.git`) is the single source of truth - **Auto-sync**: All Applications have automated sync enabled with auto-pruning and self-healing - **Namespace Creation**: `CreateNamespace=true` allows ArgoCD to create namespaces as needed @@ -98,13 +98,13 @@ kubectl get secrets -n ``` ### Deploy Changes -- Changes to YAML files in `argocd/infra/`, `argocd/values/`, or `cluster-resources/` are automatically synced by ArgoCD +- Changes to YAML files in `apps/`, `infra/`, `**/values/`, or `cluster-resources/` are automatically synced by ArgoCD - Push changes to the GitHub repository for them to be reflected - ArgoCD reconciliation happens every 60s (`timeout.reconciliation: 60s`) - Each application has a 5-minute sync timeout to prevent stalled deployments ### Review Helm Values -Application-specific Helm value overrides are in `argocd/values/` and referenced within each Application's Helm configuration. Each application manifest uses both external value files and inline overrides where needed. +Application-specific Helm value overrides are in `**/values/` and referenced within each Application's Helm configuration. Each application manifest uses both external value files and inline overrides where needed. ### Application Organization & Sync Ordering - Infrastructure applications use `argocd.argoproj.io/sync-wave` annotations for ordered deployment 
@@ -117,8 +117,8 @@ Application-specific Helm value overrides are in `argocd/values/` and referenced - **No admin auth in development**: ArgoCD has `admin.enabled: "false"` - suitable for local/dev only - **Insecure server mode**: `--insecure` and `--disable-auth` flags are set - not for production - **Folder organization**: - - `argocd/infra/` contains infrastructure/platform components (Traefik, Cert-Manager, Prometheus, Grafana, Loki, etc.) - - `argocd/apps/` is reserved for business applications (currently empty) + - `infra/` contains infrastructure/platform components (Traefik, Cert-Manager, Prometheus, Grafana, Loki, etc.) + - `apps/` is reserved for business applications (currently empty) - **Replica counts**: Traefik runs 2 replicas; other services run 1 replica - **Retry policy**: All applications retry up to 5 times with exponential backoff (max 3m timeout per application) - **Ignore replica scaling**: Deployments ignore replica count differences to allow HPA/manual scaling 
@@ -130,6 +130,6 @@ Application-specific Helm value overrides are in `argocd/values/` and referenced - **Check ArgoCD logs**: `kubectl logs -n argocd deployment/argocd-application-controller` - **Validate YAML**: Files are validated server-side (`Validate=true`) before applying - **Resource tracking**: Uses annotation-based method (`application.resourceTrackingMethod: annotation`) -- **Modify applications**: Edit the corresponding YAML in `argocd/infra/` and push to trigger sync -- **Add new services**: Create a new Application YAML in `argocd/infra/` following the pattern of existing ones, then it will be auto-discovered by the app-of-apps -- **Application folder naming**: Infrastructure components are in `argocd/infra/`; `argocd/apps/` is reserved for business applications (currently empty) +- **Modify applications**: Edit the corresponding YAML in `infra/` and push to trigger sync +- **Add new services**: Create a new Application YAML in `apps/` following the pattern of existing ones, then it will be auto-discovered by the app-of-apps +- **Application folder naming**: Infrastructure components are in `infra/`; `apps/` is reserved for business applications (currently empty)
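Review bot: The directory-tree hunk (`@@ -6,21 +6,20 @@`) leaves the tree structurally inconsistent: the `argocd/` parent entry is removed and `apps/` and `infra/` are promoted to the top level, but the unchanged context lines that follow (`│ └── values/ # Helm value overrides for ArgoCD and services`, `│ ├── argocd-values.yaml`, `│ ├── prometheus-values.yaml`) still carry the `│` prefix of a child under `argocd/`, which no longer exists. Either re-indent `values/` to its actual new location or, if it was moved, show the new path, since the later hunks replace `argocd/values/` with the glob `**/values/` and readers will look to this tree to resolve it. Also, the new `+├── apps/ # Application resources (currently unused/empty)` line contradicts the architecture hunk below, which introduces `apps/_app-of-apps.yaml`; if that file exists it should be listed here.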
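Review bot: In the architecture hunk (`@@ -36,7 +35,8 @@`), the two added bullets both begin with the identical bold label `**App-of-Apps Pattern**`, so a reader cannot tell them apart when scanning; name them distinctly, for example "Infra App-of-Apps" for `infra/_app-of-apps.yaml` and "Apps App-of-Apps" for `apps/_app-of-apps.yaml`. More importantly, this hunk documents a second auto-synced root Application, and the surrounding unchanged context (`Auto-sync: All Applications have automated sync enabled with auto-pruning and self-healing`) means anything committed under `apps/` will now be deployed and pruned without review; the doc should say where this second root is registered (bootstrap or the infra root) so that the reconciliation chain is traceable from Git, and the `apps/` tree entry marked "currently unused/empty" should be updated to match.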
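Review bot: In the Deploy Changes / Review Helm Values hunk (`@@ -98,13 +98,13 @@`), replacing the concrete path `argocd/values/` with the glob `**/values/` makes the documentation less precise rather than more: `**/values/` is not a path in the repository, the tree hunk above does not show a `values/` directory under either `apps/` or `infra/`, and a reader cannot verify which value files an Application actually loads. List the real directories (one per root, if the layout is now `infra/values/` and `apps/values/`) in both the `Changes to YAML files in ...` bullet and the `Application-specific Helm value overrides are in ...` sentence. Since the unchanged context states these files are applied automatically with self-healing, an inaccurate path here also misleads anyone auditing which files can change the running ArgoCD configuration.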
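Review bot: In the folder-organization hunk (`@@ -117,8 +117,8 @@`), the updated bullet `- apps/ is reserved for business applications (currently empty)` is no longer accurate once the architecture hunk adds `apps/_app-of-apps.yaml` as a root Application; reword it to say that `apps/` holds its own app-of-apps root and is reconciled, even if it contains no child Applications yet. This section also sits directly under the unchanged security caveats (`No admin auth in development`, `Insecure server mode: --insecure and --disable-auth flags are set - not for production`), so it is worth stating explicitly that both `infra/` and `apps/` are auto-synced roots against a cluster whose ArgoCD currently runs without authentication, so that repository write access is understood as equivalent to cluster deploy access.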
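Review bot: In the troubleshooting hunk (`@@ -130,6 +130,6 @@`), the `Add new services` bullet now points to `apps/` ("Create a new Application YAML in `apps/` following the pattern of existing ones") while the same hunk's final bullet says `apps/` is "currently empty", so there are no existing ones to follow, and the `Modify applications` bullet still points to `infra/`. Split the guidance: new infrastructure components go in `infra/` following the existing Application manifests there, and business applications go in `apps/`; and since there are now two app-of-apps roots, say which one auto-discovers each folder instead of the generic "the app-of-apps".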