mirror of
https://github.com/ghndrx/homelab-gitops.git
synced 2026-02-09 22:34:55 +00:00
- Add root ApplicationSet using Git Directory Generator
- Configure AppProjects for infrastructure and apps separation
- Add cert-manager with Let's Encrypt ClusterIssuers (staging/prod)
- Add SOPS configuration for age-encrypted secrets
- Add bootstrap documentation (docs/BOOTSTRAP.md)
- Scaffold infrastructure dirs (networking, storage, monitoring)
- Update README with quick start and architecture

GitOps pattern: directories auto-discovered by ArgoCD ApplicationSets
Reference: CNCF App-of-Apps best practices 2025
2.4 KiB
Cluster Bootstrap Guide
This guide walks through bootstrapping a new k3s cluster with ArgoCD GitOps.
Prerequisites
- k3s cluster running
- kubectl configured with cluster access
- age installed for SOPS encryption
- GitHub repo access configured
1. Install ArgoCD
# Create namespace
kubectl create namespace argocd
# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Wait for pods
kubectl wait --for=condition=available deployment/argocd-server -n argocd --timeout=300s
2. Configure SOPS
# Generate age key (one-time); age-keygen does not create the directory
mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt
# Get public key
cat ~/.config/sops/age/keys.txt | grep "public key"
# Update .sops.yaml with your public key
# Create k8s secret for ArgoCD to decrypt
# ($HOME instead of ~: the shell does not expand ~ after --from-file=key.txt=)
kubectl create secret generic sops-age \
  --namespace=argocd \
  --from-file=key.txt="$HOME/.config/sops/age/keys.txt"
3. Bootstrap the Cluster
# Apply root kustomization
kubectl apply -k clusters/defiant/
# This creates:
# - ArgoCD namespace with PSS labels
# - AppProjects (infrastructure, apps)
# - Root ApplicationSets that auto-discover components
4. Access ArgoCD UI
# Get initial admin password
kubectl -n argocd get secret argocd-initial-admin-secret \
-o jsonpath="{.data.password}" | base64 -d
# Port forward
kubectl port-forward svc/argocd-server -n argocd 8080:443
# Open https://localhost:8080
# Username: admin
5. Verify Infrastructure
After bootstrap, ArgoCD will automatically sync:
- cert-manager - TLS certificate management with Let's Encrypt
- networking - Istio gateway (when configured)
- storage - NFS StorageClass (when configured)
- monitoring - Prometheus/Grafana (when configured)
Adding New Infrastructure
- Create directory under infrastructure/<component>/
- Add kustomization.yaml (required)
- Add manifests or helmCharts
- Commit and push
- ArgoCD auto-discovers via Git Directory Generator
Adding Applications
- Create base in apps/base/<app>/
- Create overlay in apps/overlays/prod/<app>/
- Commit and push
- ArgoCD creates Application automatically
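A guard for the "Commit and push" steps above, as an added example that is not part of the repository: it lists Secret manifests under infrastructure/ and apps/ that were never encrypted with the SOPS setup from step 2. The function names and sample manifests are constructed for illustration, and the check assumes SOPS leaves a top-level `sops:` key in every file it encrypts.

```shell
#!/bin/sh
# Added example (not from the repository): list Secret manifests that are
# not SOPS-encrypted. Assumption: SOPS writes a top-level "sops:" metadata
# key into every YAML file it encrypts; the check is per file, so a
# multi-document file counts as encrypted if any document carries it.

find_plaintext_secrets() {
  # usage: find_plaintext_secrets DIR...
  # Prints offending paths; exit status is non-zero if any were found.
  find "$@" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec awk '
    function report() { if (file != "" && secret && !sops) { print file; bad = 1 } }
    FNR == 1 { report(); file = FILENAME; secret = 0; sops = 0 }
    /^kind:[ \t]*"?Secret"?[ \t]*$/ { secret = 1 }
    /^sops:[ \t]*$/ { sops = 1 }
    END { report(); exit bad + 0 }
  ' {} +
}

# Build a constructed sample tree that mirrors the repo layout on this page.
make_sample_repo() {
  root=$(mktemp -d) || return 1
  mkdir -p "$root/infrastructure/cert-manager" "$root/apps/base/demo"
  # Constructed: plaintext Secret that must never be committed.
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: dns-token' \
    'stringData:' '  token: CONSTRUCTED-PLAINTEXT' \
    > "$root/infrastructure/cert-manager/secret.yaml"
  # Constructed: shape of a SOPS-encrypted Secret (ciphertext is a placeholder).
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: app-db' \
    'stringData:' '  password: ENC[AES256_GCM,data:PLACEHOLDER,type:str]' \
    'sops:' '  age:' '    - recipient: age1PLACEHOLDER' \
    > "$root/apps/base/demo/secret.yaml"
  # Constructed: non-Secret manifest, ignored by the scan.
  printf '%s\n' 'apiVersion: v1' 'kind: ConfigMap' 'metadata:' '  name: app-cfg' \
    > "$root/apps/base/demo/configmap.yaml"
  printf '%s\n' "$root"
}

# Demo: scan the sample tree the way a pre-commit hook or CI job would.
repo=$(make_sample_repo)
if ! found=$(find_plaintext_secrets "$repo/infrastructure" "$repo/apps"); then
  printf 'plaintext Secret manifest: %s\n' "$found"
fi
rm -rf "$repo"
```

Run from the repository root as `find_plaintext_secrets infrastructure apps` in a pre-commit hook; a non-zero status should block the commit.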
Troubleshooting
# Check ApplicationSet status
kubectl get applicationsets -n argocd
# Check Application sync status
kubectl get applications -n argocd
# View ArgoCD logs
kubectl logs -n argocd deployment/argocd-applicationset-controller