40 lines
1.5 KiB
Markdown
40 lines
1.5 KiB
Markdown
# Bootstrap OneLab on this cluster
|
|
|
|
## 1. Private registry (`hub.andrewalliance.com`)
|
|
|
|
By default, `gitops/values/k3s-example.yaml` matches the Swarm installer (`app/playbooks/tasks/manage-images.yml`): user **`public`**, password **`Andrew01..Release`**, and the chart creates Secret **`hub-andrewalliance`** when `registry.createPullSecret: true`.
|
|
|
|
To use other credentials, override `registry.username` / `registry.password` or create the secret manually:
|
|
|
|
```bash
|
|
kubectl create secret docker-registry hub-andrewalliance -n onelab \
|
|
--docker-server=hub.andrewalliance.com \
|
|
--docker-username='YOUR_USER' \
|
|
--docker-password='YOUR_PASSWORD'
|
|
```
|
|
|
|
…and set `registry.createPullSecret: false` plus `imagePullSecrets: [{ name: hub-andrewalliance }]`.
|
|
|
|
## 2. Argo CD + private Git (`git.luneski.fr`)
|
|
|
|
If the Application shows `authentication required: Unauthorized`, register the repo in Argo CD (CLI or UI):
|
|
|
|
```bash
|
|
# Example; use a deploy token or PAT with repo read access
|
|
argocd repo add https://git.luneski.fr/luneski/onelab-k8s.git \
|
|
--username git \
|
|
--password YOUR_TOKEN
|
|
```
|
|
|
|
Then apply the Application:
|
|
|
|
```bash
|
|
kubectl apply -f gitops/argocd/application.yaml
|
|
```
|
|
|
|
**Helm vs Argo:** If you already installed with `helm upgrade --install onelab ...`, either delete that Helm release before letting Argo manage the same resources, or keep Helm-only and do not apply the Application until you choose one controller.
|
|
|
|
## 3. RabbitMQ TLS
|
|
|
|
Secret `onelab-rabbit-tls` must exist before RabbitMQ starts (created once from `app/rabbit/ssl/` or your own PEMs).
|