luneski/onelab-k8s-1.27
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: bootstrap Argo Git auth and registry pull secret

Browse Source 
Made-with: Cursor
This commit is contained in:
timotheereausanofi
2026-03-20 10:16:07 +01:00
parent 52847814e0
commit 4ef10ffc20
2 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gitops/README.md
View File

@@ -42,6 +42,10 @@ Sync waves order Postgres → Redis/Rabbit/config → application pods.
If `kubectl` reports *You must be logged in*, refresh your kubeconfig (e.g. copy `/etc/rancher/k3s/k3s.yaml` from the server or re-run your auth plugin) before applying manifests. If `kubectl` reports *You must be logged in*, refresh your kubeconfig (e.g. copy `/etc/rancher/k3s/k3s.yaml` from the server or re-run your auth plugin) before applying manifests.
## Private Git + registry
See [docs/BOOTSTRAP.md](docs/BOOTSTRAP.md) for Argo CD access to `git.luneski.fr` and `docker-registry` for `hub.andrewalliance.com`.
## Helm note (Windows) ## Helm note (Windows)
Helm 3.19 may return empty content for `.Files.Get` on Windows; this chart uses `fromYaml (.Files.AsConfig)` as a workaround so packaged files still render correctly. Helm 3.19 may return empty content for `.Files.Get` on Windows; this chart uses `fromYaml (.Files.AsConfig)` as a workaround so packaged files still render correctly.

44
gitops/docs/BOOTSTRAP.md Normal file
View File

@@ -0,0 +1,44 @@
# Bootstrap OneLab on this cluster
## 1. Private registry (`hub.andrewalliance.com`)
Pods need an image pull secret in namespace `onelab`:
```bash
kubectl create secret docker-registry hub-andrewalliance -n onelab \
--docker-server=hub.andrewalliance.com \
--docker-username='YOUR_USER' \
--docker-password='YOUR_PASSWORD'
```
Then set in `gitops/values/k3s-example.yaml`:
```yaml
imagePullSecrets:
- name: hub-andrewalliance
```
Commit, push, and either `helm upgrade` or let Argo CD sync.
## 2. Argo CD + private Git (`git.luneski.fr`)
If the Application shows `authentication required: Unauthorized`, register the repo in Argo CD (CLI or UI):
```bash
# Example; use a deploy token or PAT with repo read access
argocd repo add https://git.luneski.fr/luneski/onelab-k8s.git \
--username git \
--password YOUR_TOKEN
```
Then apply the Application:
```bash
kubectl apply -f gitops/argocd/application.yaml
```
**Helm vs Argo:** If you already installed with `helm upgrade --install onelab ...`, either delete that Helm release before letting Argo manage the same resources, or keep Helm-only and do not apply the Application until you choose one controller.
## 3. RabbitMQ TLS
Secret `onelab-rabbit-tls` must exist before RabbitMQ starts (created once from `app/rabbit/ssl/` or your own PEMs).