luneski/onelab-k8s-1.27
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e2d50d8d167ff2d1cd1a65476004156fcc50defb
onelab-k8s-1.27/gitops/README.md
timotheereausanofi 4ef10ffc20 docs: bootstrap Argo Git auth and registry pull secret 
Made-with: Cursor
2026-03-20 10:16:07 +01:00

2.7 KiB
Raw Blame History

OneLab GitOps (k3s + Argo CD)

This directory holds the Helm chart that replaces docker stack deploy from the legacy Swarm installer (app/docker-compose.yml).

Layout

Path Purpose
charts/onelab Helm chart (StatefulSets, Deployments, Services, ConfigMaps, Secrets)
values/*.yaml Environment-specific overrides (non-secret defaults; use sealed/external secrets for prod)
argocd/application.yaml Example Application — set repoURL / targetRevision to your remote

Prerequisites

  1. k3s (or any Kubernetes) with default storage class for Postgres/Rabbit PVCs (e.g. local-path).
  2. Image pull access to hub.andrewalliance.com — create a docker-registry secret and reference it in imagePullSecrets: 
    kubectl create namespace onelab
kubectl create secret docker-registry hub-andrewalliance -n onelab \
  --docker-server=hub.andrewalliance.com --docker-username=... --docker-password=...
  3. RabbitMQ TLS secret (name onelab-rabbit-tls by default) — see values/k3s-example.yaml comments, or set rabbitmq.tls.embed: true with PEM strings in a private values file.
  4. Host paths (default): ensure /opt/onelab/data and /opt/onelab/logs exist on nodes that run workloads using persistence.mode: hostPath, or switch to RWX storage for multi-node.

Helm (without Argo CD)

cd gitops/charts/onelab
helm upgrade --install onelab . -n onelab --create-namespace \
  -f ../../values/k3s-example.yaml

Argo CD

  1. Push this repository to a Git remote Argo CD can read.
  2. Edit argocd/application.yaml: repoURL, targetRevision, and values file as needed.
  3. kubectl apply -f gitops/argocd/application.yaml (from a machine with a working kubeconfig).

Sync waves order Postgres → Redis/Rabbit/config → application pods.

kubectl / credentials

If kubectl reports You must be logged in, refresh your kubeconfig (e.g. copy /etc/rancher/k3s/k3s.yaml from the server or re-run your auth plugin) before applying manifests.

Private Git + registry

See docs/BOOTSTRAP.md for Argo CD access to git.luneski.fr and docker-registry for hub.andrewalliance.com.

Helm note (Windows)

Helm 3.19 may return empty content for .Files.Get on Windows; this chart uses fromYaml (.Files.AsConfig) as a workaround so packaged files still render correctly.

Not migrated in this chart

  • Edge proxy stack (app/proxy/docker-compose.yml, host 80/443) — use k3s Traefik / Ingress + cert-manager, or a separate DaemonSet/nginx chart.
  • Swarm-only secrets (e.g. ssl_passphrase) — handle via Kubernetes Secrets or external operators.
Reference in New Issue View Git Blame Copy Permalink