NowChess/GitOps
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a095c7c54061f8525ccc9ff7f0ecae8ef8ecca19
GitOps/CONFIGURATION.md
T
Janis 20d8146e8c feat: add comprehensive documentation and deployment scripts 
- Created new documentation files including TROUBLESHOOTING.md, CONFIGURATION.md, and CONTRIBUTING.md.
- Added deployment guide with automated and manual instructions.
- Introduced new YAML configurations for Kubernetes resources and Helm charts.
- Implemented a deployment script for setting up the GitOps infrastructure.
2026-04-16 19:07:08 +02:00

2.4 KiB
Raw Blame History

Configuration Guide

Guide for configuring and customizing the GitOps infrastructure.

Customizing Component Versions

Edit Helm chart versions in kustomization.yaml files:

# argocd/eu-central-1/kustomization.yaml
helmCharts:
- name: argo-cd
  repo: https://argoproj.github.io/argo-helm
  version: 5.x.x  # Update version
  releaseName: argocd

Resource Configuration

Modify resource limits in values.yaml:

# argocd/eu-central-1/values.yaml
controller:
  resources:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 512Mi

OIDC Authentication Setup

Update argocd-cm ConfigMap:

oidc.config: |
  name: Azure AD
  issuer: https://login.microsoftonline.com/<tenant-id>/v2.0
  clientID: <client-id>
  clientSecret: $oidc.clientSecret

Adding New Regions

  1. Create new directory: <region>/
  2. Copy and adapt configuration from eu-central-1/
  3. Update domain names and region-specific values
  4. Create new root application

Secrets Configuration

Using Sealed Secrets pattern:

# Create secret
kubectl create secret generic my-secret \
  --from-literal=password=mysecret \
  --dry-run=client -o yaml > my-secret.yaml

# Seal it
kubeseal -f my-secret.yaml -w my-sealed-secret.yaml

# Commit sealed version
git add my-sealed-secret.yaml

Network Policies

Configure NetworkPolicy for security:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-allow-ingress
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  policyTypes:
  - Ingress

Certificate Configuration

Update cert issuer for custom domains:

# cert-manager/eu-central-1/cert-issuer.yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: custom-issuer
  namespace: kube-devops
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-key

Kargo Customization

Configure Kargo projects and stages:

# kargo-projects/orchestration-stack/orch-stage.yaml
apiVersion: kargo.akuity.io/v1alpha1
kind: Stage
metadata:
  name: prod
  namespace: orchestration-kargo
spec:
  subscriptions:
    upstreamStages:
    - name: staging
  promotionMechanisms:
    argocd:
      appUpdates:
      - appName: production-app

Last Updated: 2026-04-16

Reference in New Issue View Git Blame Copy Permalink