fix(argocd): multisource patch doc, Ingress grafana-onelab

- Root cause: live Application kept spec.source; Argo ignored observability chart
- Add jsonpatch-multisource.json + argocd/README.md migration steps
- Grafana: disable subchart ingress; add templates/ingress-grafana-onelab.yaml

Made-with: Cursor
timotheereausanofi
2026-03-20 11:13:55 +01:00
parent b91c35c410
commit 3802418582
7 changed files with 105 additions and 15 deletions

gitops/argocd/README.md Normal file

@@ -0,0 +1,27 @@
# Argo CD Application
Apply the Application:
```bash
kubectl apply -f gitops/argocd/application.yaml
```
## Migrating from `spec.source` to `spec.sources`
If the `onelab` Application was created **before** the observability stack, the live object may still have **`spec.source`** only. A plain `kubectl apply` of the new manifest often **does not remove** `spec.source`, so Argo never reconciles the second chart (Loki/Promtail/Grafana).
**Check:**
```bash
kubectl get application onelab -n argocd -o jsonpath='{.spec.source}{"\n"}{.spec.sources}{"\n"}'
```
If `source` is set and `sources` is empty, patch once:
```bash
kubectl patch application onelab -n argocd --type json --patch-file gitops/argocd/jsonpatch-multisource.json
```
Then sync the app in Argo (or wait for auto-sync).
Adjust `repoURL` in `jsonpatch-multisource.json` if your remote differs.
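Review bot: The migration steps go straight from the check to a live `kubectl patch`, with no preview of the result and no verification afterwards. Suggest adding a dry run before the real patch (`kubectl patch ... --dry-run=server -o yaml`) so the resulting `spec.sources` can be read first, and repeating the `jsonpath` check after the patch to confirm `spec.source` is gone and `spec.sources` is populated. The "Adjust `repoURL`" line would also be safer placed before the patch command than after it, since a reader following the steps in order patches first.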


@@ -1,5 +1,8 @@
# Syncs OneLab app + observability (Loki/Promtail/Grafana) into namespace onelab. # Syncs OneLab app + observability (Loki/Promtail/Grafana) into namespace onelab.
# Requires Argo CD 2.6+ (spec.sources). Ensure repoURL matches your remote. # Requires Argo CD 2.6+ (spec.sources). Ensure repoURL matches your remote.
#
# If you already had this Application with spec.source only, kubectl apply may not drop
# source — see README.md in this folder and jsonpatch-multisource.json.
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:


@@ -0,0 +1,23 @@
[
{"op": "remove", "path": "/spec/source"},
{"op": "add", "path": "/spec/sources", "value": [
{
"repoURL": "https://git.luneski.fr/luneski/onelab-k8s.git",
"targetRevision": "main",
"path": "gitops/charts/onelab",
"helm": {
"releaseName": "onelab",
"valueFiles": ["../../values/k3s-example.yaml"]
}
},
{
"repoURL": "https://git.luneski.fr/luneski/onelab-k8s.git",
"targetRevision": "main",
"path": "gitops/observability",
"helm": {
"releaseName": "onelab-obs",
"valueFiles": ["values.yaml"]
}
}
]}
]
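Review bot: Both entries under `/spec/sources` hardcode `repoURL`, `targetRevision` and `valueFiles`, which makes this file a second copy of the Application spec that can drift from `application.yaml`. An `add` on an existing member replaces its value, so a stale copy of this patch would overwrite whatever `spec.sources` the live object carries. The leading `remove` on `/spec/source` does fail when that field is absent, which stops an accidental second run; the README should say so, and should say that this file has to be updated together with `application.yaml`. `"targetRevision": "main"` also means the patched Application deploys whatever lands on that branch, so if `application.yaml` ever pins a tag or commit, this file needs the same pin.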


@@ -52,4 +52,6 @@ Secret `onelab-rabbit-tls` must exist before RabbitMQ starts (created once from
`gitops/argocd/application.yaml` uses **`spec.sources`** (two Helm charts in one Application). Use **Argo CD 2.6 or newer**. `gitops/argocd/application.yaml` uses **`spec.sources`** (two Helm charts in one Application). Use **Argo CD 2.6 or newer**.
If the `onelab` Application was created earlier with **`spec.source` only**, Argo will **not** show the observability resources until you remove `source` and set `sources` (a plain `kubectl apply` often leaves the old field). Use [`gitops/argocd/jsonpatch-multisource.json`](../argocd/jsonpatch-multisource.json) as documented in [`gitops/argocd/README.md`](../argocd/README.md).
The second source installs Loki/Promtail/Grafana from `gitops/observability/` (`releaseName: onelab-obs`). Set a strong **`grafana.adminPassword`** in `gitops/observability/values.yaml` before production. Details: [OBSERVABILITY.md](OBSERVABILITY.md). The second source installs Loki/Promtail/Grafana from `gitops/observability/` (`releaseName: onelab-obs`). Set a strong **`grafana.adminPassword`** in `gitops/observability/values.yaml` before production. Details: [OBSERVABILITY.md](OBSERVABILITY.md).


@@ -16,9 +16,9 @@ It is synced by the **same** Argo CD Application as the OneLab chart ([`gitops/a
## Access Grafana ## Access Grafana
An **Ingress** is enabled by default (Traefik + cert-manager), matching the OneLab web UI pattern in `gitops/values/k3s-example.yaml`: An **Ingress** named **`grafana-onelab`** is created by the umbrella chart (`templates/ingress-grafana-onelab.yaml`), Traefik + cert-manager, matching the OneLab web UI pattern in `gitops/values/k3s-example.yaml`:
- Host: **`grafana.k8s.selair.it`** (edit in `gitops/observability/values.yaml` alongside `grafana.ini.server` `domain` / `root_url`). - Host: **`grafana.k8s.selair.it`** edit `grafanaOnelabIngress` and `grafana.ini.server` in `gitops/observability/values.yaml` together.
- TLS Secret: **`grafana-tls-k8s-selair`** (cert-manager with `letsencrypt-prod`). - TLS Secret: **`grafana-tls-k8s-selair`** (cert-manager with `letsencrypt-prod`).
Point DNS at your ingress, sync the app, then open `https://<grafana-host>/` (user `admin` until you change values). Point DNS at your ingress, sync the app, then open `https://<grafana-host>/` (user `admin` until you change values).


@@ -0,0 +1,36 @@
{{- if .Values.grafanaOnelabIngress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-onelab
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-onelab
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: observability
annotations:
argocd.argoproj.io/sync-wave: "0"
cert-manager.io/cluster-issuer: {{ .Values.grafanaOnelabIngress.clusterIssuer | quote }}
{{- with .Values.grafanaOnelabIngress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.grafanaOnelabIngress.className | quote }}
{{- if .Values.grafanaOnelabIngress.tls }}
tls:
- hosts:
- {{ .Values.grafanaOnelabIngress.host | quote }}
secretName: {{ .Values.grafanaOnelabIngress.tlsSecretName | quote }}
{{- end }}
rules:
- host: {{ .Values.grafanaOnelabIngress.host | quote }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ printf "%s-grafana" .Release.Name }}
port:
number: {{ .Values.grafanaOnelabIngress.servicePort }}
{{- end }}
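Review bot: The backend `service.name` is built as `printf "%s-grafana" .Release.Name`, which matches the Grafana subchart's Service only while the subchart's default naming is in effect. Setting `grafana.fullnameOverride` or `grafana.nameOverride` would leave this Ingress pointing at a Service that does not exist, and nothing in the template would flag it. Suggest exposing the Service name as a value under `grafanaOnelabIngress` that defaults to the current expression, and noting the coupling in a comment. Separately, `cert-manager.io/cluster-issuer` is emitted even when `.Values.grafanaOnelabIngress.tls` is false; putting that annotation under the same `tls` condition keeps the two settings consistent.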


@@ -87,7 +87,17 @@ promtail:
mountPath: /onelab-host-logs mountPath: /onelab-host-logs
readOnly: true readOnly: true
# Grafana Ingress: align host/TLS with gitops/values/k3s-example.yaml ingress (Traefik + cert-manager). # Named Ingress grafana-onelab (templates/ingress-grafana-onelab.yaml). Grafana subchart ingress is disabled.
grafanaOnelabIngress:
enabled: true
className: traefik
host: grafana.k8s.selair.it
tls: true
tlsSecretName: grafana-tls-k8s-selair
clusterIssuer: letsencrypt-prod
servicePort: 80
annotations: {}
grafana: grafana:
adminUser: admin adminUser: admin
adminPassword: changeme adminPassword: changeme
@@ -102,18 +112,7 @@ grafana:
domain: grafana.k8s.selair.it domain: grafana.k8s.selair.it
root_url: https://grafana.k8s.selair.it/ root_url: https://grafana.k8s.selair.it/
ingress: ingress:
enabled: true enabled: false
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- grafana.k8s.selair.it
path: /
pathType: Prefix
tls:
- secretName: grafana-tls-k8s-selair
hosts:
- grafana.k8s.selair.it
datasources: datasources:
datasources.yaml: datasources.yaml:
apiVersion: 1 apiVersion: 1
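Review bot: With the subchart `ingress` block reduced to `enabled: false`, the hostname now lives in two unrelated places: `domain` / `root_url` in this hunk and `grafanaOnelabIngress.host` in the hunk above, with nothing tying them together. If they diverge, the Ingress routes one host while Grafana builds links and redirects for another. Suggest a comment beside `root_url` pointing at `grafanaOnelabIngress.host`, or a template-time check that fails rendering when the two differ.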