From 4ef10ffc20c48ec756d24c7e79e01b22826b06f5 Mon Sep 17 00:00:00 2001 From: timotheereausanofi Date: Fri, 20 Mar 2026 10:16:07 +0100 Subject: [PATCH] docs: bootstrap Argo Git auth and registry pull secret Made-with: Cursor --- gitops/README.md | 4 ++++ gitops/docs/BOOTSTRAP.md | 44 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 gitops/docs/BOOTSTRAP.md diff --git a/gitops/README.md b/gitops/README.md index 30a32ac..ca29426 100644 --- a/gitops/README.md +++ b/gitops/README.md @@ -42,6 +42,10 @@ Sync waves order Postgres → Redis/Rabbit/config → application pods. If `kubectl` reports *You must be logged in*, refresh your kubeconfig (e.g. copy `/etc/rancher/k3s/k3s.yaml` from the server or re-run your auth plugin) before applying manifests. +## Private Git + registry + +See [docs/BOOTSTRAP.md](docs/BOOTSTRAP.md) for Argo CD access to `git.luneski.fr` and `docker-registry` for `hub.andrewalliance.com`. + ## Helm note (Windows) Helm 3.19 may return empty content for `.Files.Get` on Windows; this chart uses `fromYaml (.Files.AsConfig)` as a workaround so packaged files still render correctly. diff --git a/gitops/docs/BOOTSTRAP.md b/gitops/docs/BOOTSTRAP.md new file mode 100644 index 0000000..e4d8455 --- /dev/null +++ b/gitops/docs/BOOTSTRAP.md 
@@ -0,0 +1,44 @@ +# Bootstrap OneLab on this cluster + +## 1. Private registry (`hub.andrewalliance.com`) + +Pods need an image pull secret in namespace `onelab`: + +```bash +kubectl create secret docker-registry hub-andrewalliance -n onelab \ + --docker-server=hub.andrewalliance.com \ + --docker-username='YOUR_USER' \ + --docker-password='YOUR_PASSWORD' +``` + +Then set in `gitops/values/k3s-example.yaml`: + +```yaml +imagePullSecrets: + - name: hub-andrewalliance +``` + +Commit, push, and either `helm upgrade` or let Argo CD sync. + +## 2. Argo CD + private Git (`git.luneski.fr`) + +If the Application shows `authentication required: Unauthorized`, register the repo in Argo CD (CLI or UI): + +```bash +# Example; use a deploy token or PAT with repo read access +argocd repo add https://git.luneski.fr/luneski/onelab-k8s.git \ + --username git \ + --password YOUR_TOKEN +``` + +Then apply the Application: + +```bash +kubectl apply -f gitops/argocd/application.yaml +``` + +**Helm vs Argo:** If you already installed with `helm upgrade --install onelab ...`, either delete that Helm release before letting Argo manage the same resources, or keep Helm-only and do not apply the Application until you choose one controller. + +## 3. RabbitMQ TLS + +Secret `onelab-rabbit-tls` must exist before RabbitMQ starts (created once from `app/rabbit/ssl/` or your own PEMs).
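Review bot: In the sentence added to gitops/README.md under `## Private Git + registry`, `docker-registry` is the kubectl secret type rather than a thing the reader sets up, so "`docker-registry` for `hub.andrewalliance.com`" reads ambiguously. Suggest wording it as "the image pull secret for `hub.andrewalliance.com`". The pointer also leaves out the RabbitMQ TLS prerequisite that section 3 of BOOTSTRAP.md covers; mention it here or retitle the section so readers know the bootstrap doc holds more than Git and registry auth.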
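Review bot: Both credential commands in gitops/docs/BOOTSTRAP.md (`--docker-password='YOUR_PASSWORD'` in section 1 and `--password YOUR_TOKEN` in section 2) pass the secret as a command-line argument, which leaves it in shell history and visible in the process list while the command runs. Suggest documenting a form that keeps the secret off the command line, for example creating the pull secret with `--from-file=.dockerconfigjson=<path>` from an existing Docker config file and entering the Git token at a prompt, and stating next to the existing "deploy token or PAT with repo read access" comment that the token should be limited to this one repository. Section 1 also assumes the `onelab` namespace already exists, and section 3 names `onelab-rabbit-tls` without giving its namespace or the command that creates it, unlike the two sections above it.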