luneski/onelab-k8s-1.27
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
52847814e0af9e53e0caaa97473f5752d7e77161
onelab-k8s-1.27/gitops/README.md
timotheereausanofi 52847814e0 Add OneLab Helm chart, Argo CD Application, and GitOps values for k3s 
Made-with: Cursor
2026-03-20 10:15:15 +01:00

53 lines
2.5 KiB
Markdown
Raw Blame History

# OneLab GitOps (k3s + Argo CD)
This directory holds the **Helm chart** that replaces `docker stack deploy` from the legacy Swarm installer (`app/docker-compose.yml`).
## Layout
| Path | Purpose |
|------|---------|
| `charts/onelab` | Helm chart (StatefulSets, Deployments, Services, ConfigMaps, Secrets) |
| `values/*.yaml` | Environment-specific overrides (non-secret defaults; use sealed/external secrets for prod) |
| `argocd/application.yaml` | Example `Application` — set `repoURL` / `targetRevision` to your remote |
## Prerequisites
1. **k3s** (or any Kubernetes) with default storage class for Postgres/Rabbit PVCs (e.g. `local-path`).
2. **Image pull access** to `hub.andrewalliance.com` — create a docker-registry secret and reference it in `imagePullSecrets`:
```bash
kubectl create namespace onelab
kubectl create secret docker-registry hub-andrewalliance -n onelab \
--docker-server=hub.andrewalliance.com --docker-username=... --docker-password=...
```
3. **RabbitMQ TLS secret** (name `onelab-rabbit-tls` by default) — see `values/k3s-example.yaml` comments, or set `rabbitmq.tls.embed: true` with PEM strings in a **private** values file.
4. **Host paths** (default): ensure `/opt/onelab/data` and `/opt/onelab/logs` exist on nodes that run workloads using `persistence.mode: hostPath`, or switch to RWX storage for multi-node.
## Helm (without Argo CD)
```bash
cd gitops/charts/onelab
helm upgrade --install onelab . -n onelab --create-namespace \
-f ../../values/k3s-example.yaml
```
## Argo CD
1. Push this repository to a Git remote Argo CD can read.
2. Edit `argocd/application.yaml`: `repoURL`, `targetRevision`, and values file as needed.
3. `kubectl apply -f gitops/argocd/application.yaml` (from a machine with a working kubeconfig).
Sync waves order Postgres → Redis/Rabbit/config → application pods.
## kubectl / credentials
If `kubectl` reports *You must be logged in*, refresh your kubeconfig (e.g. copy `/etc/rancher/k3s/k3s.yaml` from the server or re-run your auth plugin) before applying manifests.
## Helm note (Windows)
Helm 3.19 may return empty content for `.Files.Get` on Windows; this chart uses `fromYaml (.Files.AsConfig)` as a workaround so packaged files still render correctly.
## Not migrated in this chart
- **Edge proxy stack** (`app/proxy/docker-compose.yml`, host 80/443) — use k3s **Traefik** / **Ingress** + **cert-manager**, or a separate DaemonSet/nginx chart.
- **Swarm-only secrets** (e.g. `ssl_passphrase`) — handle via Kubernetes Secrets or external operators.
Reference in New Issue View Git Blame Copy Permalink