A declarative, version-controlled Kubernetes cluster managed by Argo CD.
Run the bootstrap helper to install Argo CD (pinned to v2.12.3), create the
root Application, and hand control over to Argo CD:

    ./scripts/bootstrap-cluster.sh

The pinned version can be overridden with a different upstream Argo CD tag by
setting ARGOCD_VERSION. The script is safe to run multiple times.
// TODO: Implement a completely automated alternative for those who don't want to use their own certificate authority.
// TODO: Use sealed secrets (i.e. kubeseal) to limit out of band (i.e. manual) requirements.
Cert-manager issues cluster certificates from an internal CA secret that must be
provisioned out of band. Supply the CA certificate and key used by
apps/cert-manager/internal-ca-issuer.yaml:

    ./scripts/provision-internal-ca.sh path/to/ca.crt path/to/ca.key

The script validates the inputs, ensures the cert-manager namespace exists,
and creates or updates the internal-ca secret that backs the
internal-ca-issuer ClusterIssuer.
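
As an added example (not the repository's provision-internal-ca.sh), the sketch below shows the kind of pre-flight checks worth running on a CA pair before it reaches the cluster, followed by an idempotent create-or-update. The function names, the 30-day expiry threshold, and the use of a `kubernetes.io/tls` secret are assumptions.

```bash
#!/usr/bin/env bash
# Added example with hypothetical function names; not the project's script.

# validate_ca_pair CERT KEY
# Returns 0 only if the pair is usable as an issuing CA; otherwise 1-4.
validate_ca_pair() {
  local crt="$1" key="$2" crt_pub key_pub
  [ -r "$crt" ] && [ -r "$key" ] || { echo "unreadable input" >&2; return 1; }

  # The certificate must parse and carry basicConstraints CA:TRUE.
  openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -q 'CA:TRUE' \
    || { echo "not a CA certificate" >&2; return 2; }

  # Refuse a CA that is expired or expires within 30 days (assumed threshold).
  openssl x509 -in "$crt" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 \
    || { echo "CA certificate expires within 30 days" >&2; return 3; }

  # The private key must belong to the certificate: compare public keys.
  # -passin pass: makes an encrypted key fail here instead of prompting.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
  [ -n "$key_pub" ] && [ "$crt_pub" = "$key_pub" ] \
    || { echo "key does not match certificate" >&2; return 4; }
}

# apply_ca_secret CERT KEY
# Piping a client-side dry run into `kubectl apply` makes re-runs an update
# rather than an "already exists" error. Assumes a TLS-type secret.
apply_ca_secret() {
  kubectl create namespace cert-manager --dry-run=client -o yaml \
    | kubectl apply -f -
  kubectl -n cert-manager create secret tls internal-ca \
    --cert="$1" --key="$2" --dry-run=client -o yaml \
    | kubectl apply -f -
}

# Touch the cluster only when both paths are given and validation passes.
if [ "$#" -eq 2 ]; then
  validate_ca_pair "$1" "$2" && apply_ca_secret "$1" "$2"
fi
```

Validation runs before any kubectl call, so a mismatched or near-expired CA never replaces a working secret.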
Argo CD applications are assigned sync waves to ensure platform dependencies (such as cert-manager) finish installing before dependent configuration applies.
// TODO: Implement some validation/feedback mechanism. Right now I have to use argo ui or cli to figure out if things are okay. Ideally, validate as much as possible before changing the cluster, but at least notify on deployment issues or make them readily available.