feat: add comprehensive documentation and deployment scripts
- Created new documentation files including TROUBLESHOOTING.md, CONFIGURATION.md, and CONTRIBUTING.md. - Added deployment guide with automated and manual instructions. - Introduced new YAML configurations for Kubernetes resources and Helm charts. - Implemented a deployment script for setting up the GitOps infrastructure.
This commit is contained in:
@@ -0,0 +1,130 @@
|
||||
# Configuration Guide
|
||||
|
||||
Guide for configuring and customizing the GitOps infrastructure.
|
||||
|
||||
## Customizing Component Versions
|
||||
|
||||
Edit Helm chart versions in kustomization.yaml files:
|
||||
|
||||
```yaml
|
||||
# argocd/eu-central-1/kustomization.yaml
|
||||
helmCharts:
|
||||
- name: argo-cd
|
||||
repo: https://argoproj.github.io/argo-helm
|
||||
version: 5.x.x # Update version
|
||||
releaseName: argocd
|
||||
```
|
||||
|
||||
## Resource Configuration
|
||||
|
||||
Modify resource limits in values.yaml:
|
||||
|
||||
```yaml
|
||||
# argocd/eu-central-1/values.yaml
|
||||
controller:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
```
|
||||
|
||||
## OIDC Authentication Setup
|
||||
|
||||
Update argocd-cm ConfigMap:
|
||||
|
||||
```yaml
|
||||
oidc.config: |
|
||||
name: Azure AD
|
||||
issuer: https://login.microsoftonline.com/<tenant-id>/v2.0
|
||||
clientID: <client-id>
|
||||
clientSecret: $oidc.clientSecret
|
||||
```
|
||||
|
||||
## Adding New Regions
|
||||
|
||||
1. Create new directory: `<region>/`
|
||||
2. Copy and adapt configuration from `eu-central-1/`
|
||||
3. Update domain names and region-specific values
|
||||
4. Create new root application
|
||||
|
||||
## Secrets Configuration
|
||||
|
||||
Using Sealed Secrets pattern:
|
||||
|
||||
```bash
|
||||
# Create secret
|
||||
kubectl create secret generic my-secret \
|
||||
--from-literal=password=mysecret \
|
||||
--dry-run=client -o yaml > my-secret.yaml
|
||||
|
||||
# Seal it
|
||||
kubeseal -f my-secret.yaml -w my-sealed-secret.yaml
|
||||
|
||||
# Commit sealed version
|
||||
git add my-sealed-secret.yaml
|
||||
```
|
||||
|
||||
## Network Policies
|
||||
|
||||
Configure NetworkPolicy for security:
|
||||
|
||||
```yaml
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: argocd-allow-ingress
|
||||
namespace: argocd
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-server
|
||||
policyTypes:
|
||||
- Ingress
|
||||
```
|
||||
|
||||
## Certificate Configuration
|
||||
|
||||
Update cert issuer for custom domains:
|
||||
|
||||
```yaml
|
||||
# cert-manager/eu-central-1/cert-issuer.yaml
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: custom-issuer
|
||||
namespace: kube-devops
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: admin@example.com
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-key
|
||||
```
|
||||
|
||||
## Kargo Customization
|
||||
|
||||
Configure Kargo projects and stages:
|
||||
|
||||
```yaml
|
||||
# kargo-projects/orchestration-stack/orch-stage.yaml
|
||||
apiVersion: kargo.akuity.io/v1alpha1
|
||||
kind: Stage
|
||||
metadata:
|
||||
name: prod
|
||||
namespace: orchestration-kargo
|
||||
spec:
|
||||
subscriptions:
|
||||
upstreamStages:
|
||||
- name: staging
|
||||
promotionMechanisms:
|
||||
argocd:
|
||||
appUpdates:
|
||||
- appName: production-app
|
||||
```
|
||||
|
||||
---
|
||||
**Last Updated**: 2026-04-16
|
||||
|
||||
Reference in New Issue
Block a user